Analysis Overview
SHA256
3a216b9390f1c46b8e49d43c63211a76e236510ef545eda83ddd8084f605f956
Threat Level: Known bad
The file OInstall.exe was found to be: Known bad.
Malicious Activity Summary
Netwire
NetWire RAT payload
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Checks BIOS information in registry
AutoIT Executable
Suspicious use of SetThreadContext
Program crash
Enumerates physical storage devices
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-10 16:00
Signatures
AutoIT Executable
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-10 16:00
Reported
2023-10-10 16:03
Platform
win7-20230831-en
Max time kernel
150s
Max time network
125s
Signatures
NetWire RAT payload
Netwire
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\install.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Enumerates physical storage devices
Program crash
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\install.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\install.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\install.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 516 -s 280
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 280
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 280
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 280
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
memory/2960-18-0x0000000001160000-0x00000000011B2000-memory.dmp
memory/2960-19-0x0000000000B90000-0x0000000000BB8000-memory.dmp
memory/2960-20-0x00000000009D0000-0x00000000009EE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
memory/2960-76-0x0000000000A40000-0x0000000000A43000-memory.dmp
memory/516-77-0x0000000000400000-0x000000000042B000-memory.dmp
memory/516-79-0x0000000000400000-0x000000000042B000-memory.dmp
memory/516-81-0x0000000000400000-0x000000000042B000-memory.dmp
memory/808-111-0x0000000000400000-0x000000000042B000-memory.dmp
memory/808-113-0x0000000000400000-0x000000000042B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-10 16:00
Reported
2023-10-10 16:03
Platform
win10v2004-20230915-en
Max time kernel
152s
Max time network
158s
Command Line
Signatures
NetWire RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Netwire
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\install.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\OInstall.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\International\Geo\Nation | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\install.exe | N/A |
Executes dropped EXE
Suspicious use of SetThreadContext
Enumerates physical storage devices
Program crash
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\install.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\install.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\install.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4068 -ip 4068
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 584
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3376 -ip 3376
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 580
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4644 -ip 4644
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3344 -ip 3344
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2872 -ip 2872
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 588
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3544 -ip 3544
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 588
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2472 -ip 2472
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3536 -ip 3536
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4700 -ip 4700
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 588
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3424 -ip 3424
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1600 -ip 1600
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3764 -ip 3764
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 580
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2448 -ip 2448
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 584
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 932 -ip 932
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1616 -ip 1616
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4444 -ip 4444
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 584
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2440 -ip 2440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1548 -ip 1548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3076 -ip 3076
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 584
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3648 -ip 3648
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3912 -ip 3912
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2124 -ip 2124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 584
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4300 -ip 4300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1732 -ip 1732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1920 -ip 1920
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3980 -ip 3980
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3084 -ip 3084
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2648 -ip 2648
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 580
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1548 -ip 1548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 588
C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1488 -ip 1488
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 588
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
Network
Files
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\install.exe.log
| MD5 | 3ca2f9e6a94c24c455ac9431a0bf479b |
| SHA1 | a90309eec691588990609f8f8ad9b935d6f38eb2 |
| SHA256 | e84d0c64750ec6333b67eb8aef737bb21cd86c6ef6e520c6537ede13505e125e |
| SHA512 | ba66e42b384f0d865a21d9169169a0b2bd9c62ebee68acc63a191b1a67ca16f4534f955055fc84bbc4a9cd22cec11c3c22a15df7741d99b7dec456e5cabcb0b5 |
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |
C:\Users\Admin\AppData\Local\Temp\install.exe
| MD5 | 6037361243f8c390326debbea5b85ac2 |
| SHA1 | 654fca850890949bbbd41a7e4c481ab89e10839a |
| SHA256 | b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5 |
| SHA512 | 434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929 |