Malware Analysis Report

2024-10-19 07:12

Sample ID 240506-kc7cxaee7z
Target Setup.exe
SHA256 9e60d8f8d14a520f023015e9b7e1254756a0bbebe294707cd705f5262b2e07b5
Tags
nanocore evasion keylogger persistence spyware stealer trojan discovery
score
10/10


Analysis Overview

score
10/10

SHA256

9e60d8f8d14a520f023015e9b7e1254756a0bbebe294707cd705f5262b2e07b5

Threat Level: Known bad

The file Setup.exe was found to be: Known bad.

Malicious Activity Summary

nanocore evasion keylogger persistence spyware stealer trojan discovery

NanoCore

Executes dropped EXE

Checks computer location settings

Checks whether UAC is enabled

Adds Run key to start application

Checks installed software on the system

Suspicious use of SetThreadContext

Drops file in Program Files directory

Program crash

Unsigned PE

Enumerates physical storage devices

NSIS installer

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of UnmapMainImage

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Creates scheduled task(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-06 08:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-06 08:28

Reported

2024-05-06 08:31

Platform

win10v2004-20240419-en

Max time kernel

57s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

Signatures

NanoCore

keylogger trojan stealer spyware nanocore

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\LAN Subsystem = "C:\\Program Files (x86)\\LAN Subsystem\\lanss.exe" C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5740 set thread context of 692 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 60 set thread context of 5680 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 1052 set thread context of 4416 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2948 set thread context of 4868 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2260 set thread context of 884 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3328 set thread context of 2080 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 1520 set thread context of 736 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3108 set thread context of 4792 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 1004 set thread context of 920 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 6104 set thread context of 764 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3024 set thread context of 4116 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2208 set thread context of 4468 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5492 set thread context of 1736 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe
PID 1116 set thread context of 624 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5644 set thread context of 5652 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 1356 set thread context of 4120 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3288 set thread context of 2328 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3848 set thread context of 3928 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4184 set thread context of 6088 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe
PID 4448 set thread context of 4024 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3308 set thread context of 3068 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 756 set thread context of 3448 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 1624 set thread context of 1888 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5344 set thread context of 6128 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5768 set thread context of 5628 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5640 set thread context of 2628 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 6140 set thread context of 5096 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5224 set thread context of 4004 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3208 set thread context of 3148 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4416 set thread context of 624 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4304 set thread context of 2096 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4380 set thread context of 1168 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3816 set thread context of 2084 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2152 set thread context of 4168 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3820 set thread context of 3272 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe
PID 3192 set thread context of 952 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 640 set thread context of 4964 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3112 set thread context of 4148 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 216 set thread context of 3376 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5900 set thread context of 1696 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2624 set thread context of 4280 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5576 set thread context of 5132 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 1932 set thread context of 1836 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4252 set thread context of 4632 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3788 set thread context of 5252 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3476 set thread context of 1304 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2232 set thread context of 4844 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2308 set thread context of 2152 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe
PID 6032 set thread context of 5264 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 1288 set thread context of 3192 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5912 set thread context of 640 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe
PID 1952 set thread context of 5444 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5592 set thread context of 3688 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5232 set thread context of 4548 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2696 set thread context of 3860 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Windows\SysWOW64\WerFault.exe
PID 1688 set thread context of 3652 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Windows\System32\sihclient.exe
PID 2984 set thread context of 2376 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 692 set thread context of 3712 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3048 set thread context of 5516 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2172 set thread context of 3816 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4608 set thread context of 5668 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4152 set thread context of 1240 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3108 set thread context of 3284 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe
PID 5916 set thread context of 2612 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\LAN Subsystem\lanss.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File opened for modification C:\Program Files (x86)\LAN Subsystem\lanss.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1364 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe
PID 1364 wrote to memory of 5740 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5740 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3928 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe
PID 3928 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 60 wrote to memory of 5680 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 3608 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe
PID 3608 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 1052 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 5680 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Windows\SysWOW64\schtasks.exe
PID 5680 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Windows\SysWOW64\schtasks.exe
PID 1788 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe
PID 1788 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2948 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2492 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 692 -ip 692

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4416 -ip 4416

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /create /f /tn "LAN Subsystem" /xml "C:\Users\Admin\AppData\Local\Temp\tmp3940.tmp"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 80

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /create /f /tn "LAN Subsystem Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp3A2B.tmp"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 764 -ip 764

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 624 -ip 624

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4120 -ip 4120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 12

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3928 -ip 3928

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3448 -ip 3448

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1888 -ip 1888

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5096 -ip 5096

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4004 -ip 4004

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1168 -ip 1168

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2084 -ip 2084

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 952 -ip 952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4964 -ip 4964

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5252 -ip 5252

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1304 -ip 1304

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3192 -ip 3192

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5444 -ip 5444

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 12

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3688 -ip 3688

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4548 -ip 4548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3712 -ip 3712

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5224 -ip 5224

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5208 -ip 5208

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 12

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1736 -ip 1736

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\System32\sihclient.exe

C:\Windows\System32\sihclient.exe /cv mXfW2m4PJUO9GCKGbSDFZQ.0.2

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4204 -ip 4204

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5376 -ip 5376

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3168 -ip 3168

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5884 -ip 5884

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1260 -ip 1260

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5700 -ip 5700

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3272 -ip 3272

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5000 -ip 5000

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 12

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1520 -ip 1520

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1348 -ip 1348

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1876 -ip 1876

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5596 -ip 5596

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5416 -ip 5416

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4308 -ip 4308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3816 -ip 3816

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2232 -ip 2232

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4440 -ip 4440

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4876 -ip 4876

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5180 -ip 5180

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 440 -ip 440

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 920 -ip 920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5440 -ip 5440

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 244 -ip 244

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 244 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2624 -ip 2624

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2408 -ip 2408

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2972 -ip 2972

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1768 -ip 1768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4580 -ip 4580

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6068 -ip 6068

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6092 -ip 6092

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 3832 -ip 3832

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4512 -ip 4512

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 548 -ip 548

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 412 -ip 412

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 80

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 556 -ip 556

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 12

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4956 -ip 4956

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5584 -ip 5584

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2264 -ip 2264

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 12

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1704 -ip 1704

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 80

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2464 -ip 2464

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 60 -ip 60

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 12

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4868 -ip 4868

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1232 -ip 1232

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 12

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4016 -ip 4016

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 652 -ip 652

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 12

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1564 -ip 1564

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5420 -ip 5420

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 716 -ip 716

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 80

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3416 -ip 3416

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 12

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp

Files

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Chrome.exe.log

C:\Users\Admin\AppData\Local\Temp\tmp3940.tmp

C:\Users\Admin\AppData\Local\Temp\tmp3A2B.tmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-06 08:28

Reported

2024-05-06 08:32

Platform

win10v2004-20240419-en

Max time kernel

135s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

Signatures

NanoCore

keylogger trojan stealer spyware nanocore

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WPA Service = "C:\\Program Files (x86)\\WPA Service\\wpasvc.exe" C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4808 set thread context of 4744 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\WPA Service\wpasvc.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File opened for modification C:\Program Files (x86)\WPA Service\wpasvc.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4808 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4808 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4808 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4808 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4808 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4808 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4808 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4808 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 4744 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Windows\SysWOW64\schtasks.exe
PID 4744 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Windows\SysWOW64\schtasks.exe
PID 4744 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Windows\SysWOW64\schtasks.exe
PID 4744 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Windows\SysWOW64\schtasks.exe
PID 4744 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Windows\SysWOW64\schtasks.exe
PID 4744 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Windows\SysWOW64\schtasks.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /create /f /tn "WPA Service" /xml "C:\Users\Admin\AppData\Local\Temp\tmp4C8A.tmp"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /create /f /tn "WPA Service Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp4EFC.tmp"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 49.15.97.104.in-addr.arpa udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Chrome.exe.log

C:\Users\Admin\AppData\Local\Temp\tmp4C8A.tmp

C:\Users\Admin\AppData\Local\Temp\tmp4EFC.tmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-06 08:28

Reported

2024-05-06 08:32

Platform

win10v2004-20240419-en

Max time kernel

132s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

Signatures

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Microsoft.Threading.Tasks.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Mono.Cecil.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Newtonsoft.Json.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Vestris.ResourceLib.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\Read Me First.txt C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\GongSolutions.Wpf.DragDrop.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\MahApps.Metro.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\NLog.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Ookii.Dialogs.Wpf.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\starksoft.aspen.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Be.Windows.Forms.HexBox.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Exceptionless.Extras.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\GongSolutions.Wpf.DragDrop.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.StaticCommands.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.Wpf.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\nUpdate.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\Orcus.Administration.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.Xps.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.Xps.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\How To Open Port All Tutorial.url C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Be.Windows.Forms.HexBox.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\FluentCommandLineParser.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\MahApps.Metro.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Ookii.Dialogs.Wpf.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.Wpf.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\FluentCommandLineParser.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\starksoft.aspen.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File created C:\Program Files (x86)\Ethical Hacking\Orcus Rat\Uninstall.ini C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.Licensing.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Shared.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\starksoft.aspen.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\server\certificate.pfx C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\OrcusPatcher.orcplg C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\FluentCommandLineParser.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\ICSharpCode.AvalonEdit.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\BuildPumper.orcplg C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\DisableWebcamLights.orcplg C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\server\database.sqlite C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Exceptionless.Portable.xml C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\ApplicationAudioPack.orcplg C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\NotificationCenter.orcplg C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\AlphaChiTech.Virtualization.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.Plugins.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Shared.Utilities.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\System.Windows.Interactivity.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\GamerView.orcplg C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\Orcus.Administration.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\How To Setup a Rat.url C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Sorzus.Wpf.Toolkit.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\BSoDProtection.orcplg C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\Screamer.orcplg C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.Commands.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\AlphaChiTech.Virtualization.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.StaticCommands.pdb C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\license.orcus C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\ExtensionSpoofer.orcplg C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\log.txt C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\ServerStressTest.orcplg C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\settings.json C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\CSCore.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\nUpdate.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country Destination Domain Proto

Files

memory/4496-15-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.Licensing.pdb


C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp


C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

