Analysis
-
max time kernel
38s
-
max time network
127s
-
platform
windows7_x64
-
resource
win7-20240611-en
-
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
-
submitted
20-06-2024 01:38
Behavioral task
behavioral1
Sample
e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe
Resource
win10v2004-20240508-en
General
-
Target
e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe
-
Size
2.4MB
-
MD5
5f6308686a37fc69f7990b5bdf9822cd
-
SHA1
79648bade7074972f1859331c07a46d4ba3bbcc4
-
SHA256
e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972
-
SHA512
d4c55bc938911010b52cc1eafeb566b02c62a9e764808face85f2867d7fc672732dde6b37697a356ca23f052921585117d3b6de8acd0104e8c32473f7169e4b1
-
SSDEEP
24576:6J39LyjbJkQFMhmC+6GD9uJ39LyjbJkQFMhmC+6GD94VJ1Pn4n9:6Hyjtk2MYC5GDgHyjtk2MYC5GDQn4n9
Malware Config
Signatures
-
Detect Neshta payload 49 IoCs
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Modifies system executable filetype association 2 TTPs 1 IoCs
Process: e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe
Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 18 IoCs
Processes: _CACHE~2.EXE, e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe
Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
File opened for modification: C:\Windows\svchost.com
Processes: ._cache_Synaptics.exe, svchost.com, ._cache_e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe
File opened for modification: C:\Windows\directx.sys
Processes: ._cache_Synaptics.exe, svchost.com
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 64 IoCs
-
Modifies registry class 1 IoCs
Processes:
e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"
process: e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Processes
-
C:\Users\Admin\AppData\Local\Temp\e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe
"C:\Users\Admin\AppData\Local\Temp\e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe" 1⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe" 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\._cache_e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_e16012cd42c8eb1346233b056618375166954eaf7c24021e7f7fb1b59cbde972.exe" 3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" 4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE 5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" 6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 668 7⤵
- Loads dropped DLL
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 6⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 660 8⤵
- Loads dropped DLL
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 8⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 9⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 10⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 664 12⤵
- Loads dropped DLL
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 11⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 12⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 13⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 14⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 660 16⤵
- Loads dropped DLL
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 15⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 16⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 17⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 18⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 664 20⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 19⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 20⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 21⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 22⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 660 24⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 24⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 25⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 26⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 664 28⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 28⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 29⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 30⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 664 32⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 32⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 33⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 34⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 660 36⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 36⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 37⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 38⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 660 40⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 40⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 42⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 660 44⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 44⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 45⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 46⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 660 48⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 48⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 49⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 50⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 51⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 660 52⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 51⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 52⤵
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 53⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 54⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 55⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 664 56⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 55⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 56⤵
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 57⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 58⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 59⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 664 60⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 59⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 60⤵
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 61⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 62⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 63⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 664 64⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 63⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 64⤵
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 65⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 66⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 67⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 664 68⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 67⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 68⤵
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 69⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 70⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 71⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 660 72⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 71⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 72⤵
- Drops file in Windows directory
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 73⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 74⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 75⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 664 76⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 75⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 76⤵
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 77⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 78⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate 79⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 660 80⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate 79⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate 80⤵
-
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate 81⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate 82⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate83⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 66084⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate83⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate84⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate85⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate86⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate87⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 66488⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate87⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate88⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate89⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate90⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate91⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 66092⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate91⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate92⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate93⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate94⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate95⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 66496⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate95⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate96⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate97⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate98⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate99⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 660100⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate99⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate100⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate101⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate102⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate103⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 668104⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate103⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate104⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate105⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate106⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate107⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 660108⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate107⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate108⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate109⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate110⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate111⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 660112⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate111⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate112⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate113⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate114⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate115⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 664116⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate115⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate116⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate117⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate118⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate119⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 664120⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate119⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate120⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate121⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate122⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate123⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 660124⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate123⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate124⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate125⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate126⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate127⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 664128⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate127⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate128⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate129⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate130⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate131⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 660132⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate131⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate132⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate133⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate134⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate135⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 664136⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate135⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate136⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate137⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate138⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate139⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 660140⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate139⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate140⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate141⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate142⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate143⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 664144⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate143⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate144⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate145⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate146⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate147⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 660148⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate147⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate148⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate149⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate150⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate151⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 664152⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate151⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate152⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate153⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate154⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate155⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 660156⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate155⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate156⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate157⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate158⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate159⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 660160⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate159⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate160⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate161⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate162⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate163⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 664164⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate163⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate164⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate165⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate166⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate167⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 660168⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate167⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate168⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate169⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate170⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate171⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 664172⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate171⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate172⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate173⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate174⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate175⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 664176⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate175⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate176⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate177⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate178⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate179⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 660180⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate179⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate180⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate181⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate182⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate183⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 660184⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate183⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate184⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate185⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate186⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate187⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 660188⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate187⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate188⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate189⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate190⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate191⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 668192⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate191⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate192⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate193⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate194⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate195⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 664196⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate195⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate196⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate197⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate198⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate199⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 664200⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate199⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate200⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate201⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate202⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate203⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 660204⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate203⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate204⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate205⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate206⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate207⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 660208⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate207⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate208⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate209⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate210⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate211⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 664212⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate211⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate212⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate213⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate214⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate215⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 660216⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate215⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate216⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate217⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate218⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate219⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 664220⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate219⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate220⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate221⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate222⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate223⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 660224⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate223⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate224⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate225⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate226⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate227⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 660228⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate227⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate228⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate229⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate230⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate231⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 660232⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate231⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate232⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate233⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate234⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate235⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 660236⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate235⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate236⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate237⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXEC:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate238⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate239⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 660240⤵
- Program crash
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate239⤵
-
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate240⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate241⤵