Malware Analysis Report

2025-01-18 16:52

Sample ID 231010-tfxsbagd53
Target OInstall.exe
SHA256 3a216b9390f1c46b8e49d43c63211a76e236510ef545eda83ddd8084f605f956
Tags
netwire botnet rat stealer
score
10/10

Analysis Overview

score
10/10

SHA256

3a216b9390f1c46b8e49d43c63211a76e236510ef545eda83ddd8084f605f956

Threat Level: Known bad

The file OInstall.exe was found to be: Known bad.

Malicious Activity Summary

netwire botnet rat stealer

Netwire

NetWire RAT payload

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Checks BIOS information in registry

AutoIT Executable

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-10 16:00

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-10 16:00

Reported

2023-10-10 16:03

Platform

win7-20230831-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

Signatures

NetWire RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Netwire

botnet stealer netwire

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\install.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\install.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\install.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2960 set thread context of 516 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2616 set thread context of 1508 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2880 set thread context of 2008 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 796 set thread context of 1652 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2612 set thread context of 1588 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2868 set thread context of 2292 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2856 set thread context of 808 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1780 set thread context of 2228 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1076 set thread context of 2052 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1600 set thread context of 2760 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2168 set thread context of 840 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1520 set thread context of 2840 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 928 set thread context of 2952 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2980 set thread context of 2032 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1784 set thread context of 2700 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1624 set thread context of 796 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1424 set thread context of 2396 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2956 set thread context of 2028 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2540 set thread context of 1556 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2680 set thread context of 2232 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2400 set thread context of 2260 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 908 set thread context of 2300 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1716 set thread context of 2116 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2612 set thread context of 2968 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1588 set thread context of 1344 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1508 set thread context of 2964 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1356 set thread context of 828 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2164 set thread context of 2868 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1576 set thread context of 1868 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2600 set thread context of 2000 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2696 set thread context of 1648 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2908 set thread context of 944 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1232 set thread context of 2796 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1560 set thread context of 1084 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 568 set thread context of 2872 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1424 set thread context of 2112 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2536 set thread context of 1152 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2716 set thread context of 2544 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1148 set thread context of 1144 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2532 set thread context of 2620 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2240 set thread context of 1540 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2172 set thread context of 1608 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2940 set thread context of 1264 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1992 set thread context of 2240 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2908 set thread context of 1888 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2904 set thread context of 1840 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 624 set thread context of 2480 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2592 set thread context of 2532 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1388 set thread context of 576 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2892 set thread context of 2592 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2036 set thread context of 436 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2496 set thread context of 2420 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 836 set thread context of 3224 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2144 set thread context of 3312 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 884 set thread context of 3464 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2612 set thread context of 3564 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2516 set thread context of 3656 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2128 set thread context of 3824 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3128 set thread context of 3936 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3200 set thread context of 4044 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3328 set thread context of 3108 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3432 set thread context of 3248 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3556 set thread context of 3452 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3696 set thread context of 3572 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\install.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1696 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 1696 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 2828 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 2828 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 2624 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 2624 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 2840 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 2840 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 2560 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 2560 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe

Processes

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 280

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 280

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 280

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 280

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 280

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\install.exe

MD5 6037361243f8c390326debbea5b85ac2
SHA1 654fca850890949bbbd41a7e4c481ab89e10839a
SHA256 b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5
SHA512 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929

C:\Users\Admin\AppData\Local\Temp\install.exe

MD5 6037361243f8c390326debbea5b85ac2
SHA1 654fca850890949bbbd41a7e4c481ab89e10839a
SHA256 b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5
SHA512 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929

memory/2960-18-0x0000000001160000-0x00000000011B2000-memory.dmp

memory/2960-19-0x0000000000B90000-0x0000000000BB8000-memory.dmp

memory/2960-20-0x00000000009D0000-0x00000000009EE000-memory.dmp

memory/2960-76-0x0000000000A40000-0x0000000000A43000-memory.dmp

memory/516-77-0x0000000000400000-0x000000000042B000-memory.dmp

memory/516-79-0x0000000000400000-0x000000000042B000-memory.dmp

memory/516-81-0x0000000000400000-0x000000000042B000-memory.dmp

memory/808-111-0x0000000000400000-0x000000000042B000-memory.dmp

memory/808-113-0x0000000000400000-0x000000000042B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-10 16:00

Reported

2023-10-10 16:03

Platform

win10v2004-20230915-en

Max time kernel

152s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

Signatures

NetWire RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Netwire

botnet stealer netwire

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\install.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\OInstall.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\International\Geo\Nation C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\install.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\install.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4444 set thread context of 4068 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4816 set thread context of 3376 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2292 set thread context of 4644 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3476 set thread context of 3344 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2284 set thread context of 2872 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1956 set thread context of 3544 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 744 set thread context of 2472 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4400 set thread context of 3536 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4656 set thread context of 4700 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 1732 set thread context of 3424 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3076 set thread context of 1600 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 4652 set thread context of 3764 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2872 set thread context of 2448 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4680 set thread context of 932 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2824 set thread context of 1616 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 776 set thread context of 4444 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4260 set thread context of 2440 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3484 set thread context of 1548 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3228 set thread context of 3076 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3320 set thread context of 3648 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2872 set thread context of 3912 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3100 set thread context of 2124 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 856 set thread context of 4300 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1020 set thread context of 1732 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4340 set thread context of 1920 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1924 set thread context of 3980 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4512 set thread context of 3084 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4272 set thread context of 2648 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4744 set thread context of 1548 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 520 set thread context of 1488 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4496 set thread context of 1808 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4660 set thread context of 1200 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4172 set thread context of 4068 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3164 set thread context of 4020 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4340 set thread context of 2340 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2984 set thread context of 1908 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4988 set thread context of 1020 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 640 set thread context of 3164 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4468 set thread context of 2164 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4388 set thread context of 1204 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 1892 set thread context of 4556 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3300 set thread context of 4744 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 396 set thread context of 372 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4528 set thread context of 4752 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3980 set thread context of 4444 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2008 set thread context of 992 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4624 set thread context of 2872 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4856 set thread context of 844 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 520 set thread context of 2420 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 940 set thread context of 3076 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4704 set thread context of 1284 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 3828 set thread context of 4156 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2468 set thread context of 4504 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\install.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\install.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\install.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\install.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4804 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 4804 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 4776 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 4776 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 4256 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 4256 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 740 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 740 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 2884 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 2884 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 4752 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 4752 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 4444 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2148 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 4816 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4816 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2148 wrote to memory of 744 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 2292 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 2688 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\OInstall.exe
PID 2688 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\OInstall.exe C:\Users\Admin\AppData\Local\Temp\install.exe
PID 3476 wrote to memory of 3344 N/A C:\Users\Admin\AppData\Local\Temp\install.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Processes

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4068 -ip 4068

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 584

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3376 -ip 3376

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 580

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4644 -ip 4644

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 580

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3344 -ip 3344

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 580

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2872 -ip 2872

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 588

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3544 -ip 3544

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 588

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2472 -ip 2472

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 580

C:\Users\Admin\AppData\Local\Temp\OInstall.exe

"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"

C:\Users\Admin\AppData\Local\Temp\install.exe

"C:\Users\Admin\AppData\Local\Temp\install.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3536 -ip 3536

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 580

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

Network

Files

C:\Users\Admin\AppData\Local\Temp\install.exe

MD5 6037361243f8c390326debbea5b85ac2
SHA1 654fca850890949bbbd41a7e4c481ab89e10839a
SHA256 b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5
SHA512 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\install.exe.log

MD5 3ca2f9e6a94c24c455ac9431a0bf479b
SHA1 a90309eec691588990609f8f8ad9b935d6f38eb2
SHA256 e84d0c64750ec6333b67eb8aef737bb21cd86c6ef6e520c6537ede13505e125e
SHA512 ba66e42b384f0d865a21d9169169a0b2bd9c62ebee68acc63a191b1a67ca16f4534f955055fc84bbc4a9cd22cec11c3c22a15df7741d99b7dec456e5cabcb0b5

C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe

MD5 6037361243f8c390326debbea5b85ac2
SHA1 654fca850890949bbbd41a7e4c481ab89e10839a
SHA256 b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5
SHA512 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929
