Analysis Overview
SHA256
9e60d8f8d14a520f023015e9b7e1254756a0bbebe294707cd705f5262b2e07b5
Threat Level: Known bad
The file Setup.exe was found to be: Known bad.
Malicious Activity Summary
NanoCore
Executes dropped EXE
Checks computer location settings
Checks whether UAC is enabled
Adds Run key to start application
Checks installed software on the system
Suspicious use of SetThreadContext
Drops file in Program Files directory
Program crash
Unsigned PE
Enumerates physical storage devices
NSIS installer
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of UnmapMainImage
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Creates scheduled task(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-06 08:28
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-06 08:28
Reported
2024-05-06 08:31
Platform
win10v2004-20240419-en
Max time kernel
57s
Max time network
149s
Command Line
Signatures
NanoCore
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
Executes dropped EXE
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\LAN Subsystem = "C:\\Program Files (x86)\\LAN Subsystem\\lanss.exe" | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
Suspicious use of SetThreadContext
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\LAN Subsystem\lanss.exe | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File opened for modification | C:\Program Files (x86)\LAN Subsystem\lanss.exe | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
Enumerates physical storage devices
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 692 -ip 692
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4416 -ip 4416
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "LAN Subsystem" /xml "C:\Users\Admin\AppData\Local\Temp\tmp3940.tmp"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "LAN Subsystem Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp3A2B.tmp"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 764 -ip 764
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 624 -ip 624
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4120 -ip 4120
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 12
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3928 -ip 3928
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3448 -ip 3448
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1888 -ip 1888
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5096 -ip 5096
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4004 -ip 4004
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1168 -ip 1168
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2084 -ip 2084
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 952 -ip 952
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4964 -ip 4964
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5252 -ip 5252
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1304 -ip 1304
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3192 -ip 3192
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5444 -ip 5444
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 12
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3688 -ip 3688
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4548 -ip 4548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3712 -ip 3712
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5224 -ip 5224
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5208 -ip 5208
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 12
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1736 -ip 1736
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv mXfW2m4PJUO9GCKGbSDFZQ.0.2
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4204 -ip 4204
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5376 -ip 5376
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3168 -ip 3168
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5884 -ip 5884
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1260 -ip 1260
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5700 -ip 5700
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3272 -ip 3272
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5000 -ip 5000
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 12
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1520 -ip 1520
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1348 -ip 1348
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1876 -ip 1876
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5596 -ip 5596
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5416 -ip 5416
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4308 -ip 4308
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3816 -ip 3816
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2232 -ip 2232
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4876 -ip 4876
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5180 -ip 5180
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 440 -ip 440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 920 -ip 920
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5440 -ip 5440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 244 -ip 244
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 244 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2624 -ip 2624
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2408 -ip 2408
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2972 -ip 2972
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1768 -ip 1768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4580 -ip 4580
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6068 -ip 6068
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6092 -ip 6092
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 3832 -ip 3832
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4512 -ip 4512
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 548 -ip 548
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 412 -ip 412
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 556 -ip 556
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 12
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4956 -ip 4956
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5584 -ip 5584
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2264 -ip 2264
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 12
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1704 -ip 1704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2464 -ip 2464
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 60 -ip 60
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 12
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4868 -ip 4868
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1232 -ip 1232
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 12
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4016 -ip 4016
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 652 -ip 652
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 12
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1564 -ip 1564
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5420 -ip 5420
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 80
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 716 -ip 716
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 80
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3416 -ip 3416
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 12
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
| MD5 | ec4bf11a6689c525a9c02342919b81d2 |
| SHA1 | 3e762f4bcfe9325548b50349bdc270bdd8a111f3 |
| SHA256 | 4480ba3f495510f75d218068c22164d98d275199ccdaf6e0f5b53cf355b8be80 |
| SHA512 | c23360725bb6dcbe23106f5206a8e1e97366e6ef4baea5c81fe7d0c50916ae7e19cc85a4b9545c7c723aef9fee5ff0e845700a7ee3626530da1a0739df5b716c |
memory/5740-11-0x0000000073132000-0x0000000073133000-memory.dmp
memory/5740-12-0x0000000073130000-0x00000000736E1000-memory.dmp
memory/5740-13-0x0000000073130000-0x00000000736E1000-memory.dmp
memory/5740-19-0x0000000073130000-0x00000000736E1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Chrome.exe.log
| MD5 | c19eb8c8e7a40e6b987f9d2ee952996e |
| SHA1 | 6fc3049855bc9100643e162511673c6df0f28bfb |
| SHA256 | 677e9e30350df17e2bc20fa9f7d730e9f7cc6e870d6520a345f5f7dc5b31f58a |
| SHA512 | 860713b4a787c2189ed12a47d4b68b60ac00c7a253cae52dd4eb9276dacafeae3a81906b6d0742c8ecfdfaa255777c445beb7c2a532f3c677a9903237ac97596 |
memory/5680-20-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp3940.tmp
| MD5 | 57ef41cc35a47d5ff922ec5a0d06aaa7 |
| SHA1 | 0ae2172ca0e2578109243328ee57a68190252578 |
| SHA256 | ba13669de506ecfb43f5dc2b2acb6f392ad3d7daf9c9ad1c56359c6405de3a07 |
| SHA512 | 58bdff3f27838934400b3bc21e69d8c2dfdcb0d5afc9ef5f4b0b5da83df603952abd6e804c3abcd50657f1c91dabc647d999f3d24b0b73990e3bd3abffddfa47 |
C:\Users\Admin\AppData\Local\Temp\tmp3A2B.tmp
| MD5 | 924694e208642d4d8a4c7e0f0cba0de1 |
| SHA1 | 87e9496a918036c3e3902f125b95a47e38548828 |
| SHA256 | 8de0bab59a9fe15f312e81a373382ed992ce5110deb3813f663b92cfc5eae0b6 |
| SHA512 | ef3cfc08df53777f13fb51fdc0269f6f686c0df57c4dd72f395dc53d1d8ef2b08e33c3601507a45c3cc31a25b70ebf365d0fa93db64e1e851173216a45c49c2c |
memory/4120-68-0x0000000000410000-0x0000000000430000-memory.dmp
memory/5224-149-0x0000000000400000-0x0000000000420000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-06 08:28
Reported
2024-05-06 08:32
Platform
win10v2004-20240419-en
Max time kernel
135s
Max time network
143s
Command Line
Signatures
NanoCore
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WPA Service = "C:\\Program Files (x86)\\WPA Service\\wpasvc.exe" | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4808 set thread context of 4744 | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | C:\Users\Admin\AppData\Local\Temp\Chrome.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\WPA Service\wpasvc.exe | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WPA Service\wpasvc.exe | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Users\Admin\AppData\Local\Temp\Chrome.exe
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "WPA Service" /xml "C:\Users\Admin\AppData\Local\Temp\tmp4C8A.tmp"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "WPA Service Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp4EFC.tmp"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.15.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
| US | 8.8.8.8:53 | haxorbaba.duckdns.org | udp |
| DE | 193.42.11.31:1604 | haxorbaba.duckdns.org | tcp |
Files
memory/4808-0-0x0000000075412000-0x0000000075413000-memory.dmp
memory/4808-1-0x0000000075410000-0x00000000759C1000-memory.dmp
memory/4808-2-0x0000000075410000-0x00000000759C1000-memory.dmp
memory/4744-3-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Chrome.exe.log
| MD5 | c19eb8c8e7a40e6b987f9d2ee952996e |
| SHA1 | 6fc3049855bc9100643e162511673c6df0f28bfb |
| SHA256 | 677e9e30350df17e2bc20fa9f7d730e9f7cc6e870d6520a345f5f7dc5b31f58a |
| SHA512 | 860713b4a787c2189ed12a47d4b68b60ac00c7a253cae52dd4eb9276dacafeae3a81906b6d0742c8ecfdfaa255777c445beb7c2a532f3c677a9903237ac97596 |
memory/4808-6-0x0000000075410000-0x00000000759C1000-memory.dmp
memory/4744-7-0x0000000075410000-0x00000000759C1000-memory.dmp
memory/4744-8-0x0000000075410000-0x00000000759C1000-memory.dmp
memory/4744-12-0x0000000075410000-0x00000000759C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp4C8A.tmp
| MD5 | 57ef41cc35a47d5ff922ec5a0d06aaa7 |
| SHA1 | 0ae2172ca0e2578109243328ee57a68190252578 |
| SHA256 | ba13669de506ecfb43f5dc2b2acb6f392ad3d7daf9c9ad1c56359c6405de3a07 |
| SHA512 | 58bdff3f27838934400b3bc21e69d8c2dfdcb0d5afc9ef5f4b0b5da83df603952abd6e804c3abcd50657f1c91dabc647d999f3d24b0b73990e3bd3abffddfa47 |
C:\Users\Admin\AppData\Local\Temp\tmp4EFC.tmp
| MD5 | 1c18d34e4c00b9a6b81126a2f10bbb74 |
| SHA1 | 9c975e7627bdb8d7af3615684d59fa02c3b81902 |
| SHA256 | ee68aecf2917fd9ddd167e6403d3149ac3dd7f346f3c9c66b6d75620b0ccd621 |
| SHA512 | 75a3ecebd55c8e433199122925c7c612fe3ea23a93fbca10ed83c80f11396da428581e36c42e98a0eef5210630cea040ed0da076bfcb620ddb38dee7152b816d |
memory/4744-17-0x0000000075410000-0x00000000759C1000-memory.dmp
memory/4744-18-0x0000000075410000-0x00000000759C1000-memory.dmp
memory/4744-19-0x0000000075410000-0x00000000759C1000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-06 08:28
Reported
2024-05-06 08:32
Platform
win10v2004-20240419-en
Max time kernel
132s
Max time network
134s
Command Line
Signatures
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Microsoft.Threading.Tasks.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Mono.Cecil.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Newtonsoft.Json.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Vestris.ResourceLib.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\Read Me First.txt | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\GongSolutions.Wpf.DragDrop.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\MahApps.Metro.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\NLog.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Ookii.Dialogs.Wpf.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\starksoft.aspen.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Be.Windows.Forms.HexBox.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Exceptionless.Extras.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\GongSolutions.Wpf.DragDrop.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.StaticCommands.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.Wpf.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\nUpdate.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\Orcus.Administration.exe | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.Xps.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.Xps.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\How To Open Port All Tutorial.url | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Be.Windows.Forms.HexBox.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\FluentCommandLineParser.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\MahApps.Metro.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Ookii.Dialogs.Wpf.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.Wpf.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\FluentCommandLineParser.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\starksoft.aspen.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\Uninstall.ini | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.Licensing.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Shared.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\starksoft.aspen.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\server\certificate.pfx | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\OrcusPatcher.orcplg | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\FluentCommandLineParser.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\ICSharpCode.AvalonEdit.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\BuildPumper.orcplg | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\DisableWebcamLights.orcplg | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\server\database.sqlite | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Exceptionless.Portable.xml | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\ApplicationAudioPack.orcplg | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\NotificationCenter.orcplg | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\OxyPlot.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\AlphaChiTech.Virtualization.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.Plugins.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Shared.Utilities.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\System.Windows.Interactivity.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\GamerView.orcplg | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\Orcus.Administration.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\How To Setup a Rat.url | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Sorzus.Wpf.Toolkit.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\BSoDProtection.orcplg | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\Screamer.orcplg | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.Commands.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\AlphaChiTech.Virtualization.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.StaticCommands.pdb | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\license.orcus | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\ExtensionSpoofer.orcplg | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\log.txt | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\plugins\ServerStressTest.orcplg | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\settings.json | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\CSCore.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\nUpdate.dll | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Processes
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.15.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/4496-15-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Program Files (x86)\Ethical Hacking\Orcus Rat\libraries\Orcus.Administration.Licensing.pdb
| MD5 | 70e207da89961cd32217eabbe3ac0791 |
| SHA1 | 305ba309e762a128ae098e5bf0241ba71f3a331e |
| SHA256 | 83f968c6682b0e52b217daa6aa3da21be6967aa194a14631f43cc76c11a142e9 |
| SHA512 | 8d9de9a9b3ad265a1df7bd7ab790db639d6ef4b871275a5b2fbb72f9b324cc3158d2073de2de78692fa7ffe64e78e31e7d7f75cb3b50c0d6513da21094bad075 |
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
| MD5 | 4d6f877098bd5380b41801007b389edc |
| SHA1 | d5f4a5277f66158aa4073ec13e94a13fdda5e0a7 |
| SHA256 | d9b13d7f25761fb923aa1b630760a7779b93b93ba4978e429f13c1b22051c1da |
| SHA512 | 0204b530a7b8199efecb739823d0eb8fbb42b9e348aa3ec920c8ab4831f47cfccb51c00dcddc0fa05439134d60455fa6f98c28acaa98e9e9fea5ce7638b1deaf |
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
| MD5 | 09f93824b1cd2e99c1558553490e57ca |
| SHA1 | f3caf991413a9638188af7a8840a360dd314e22b |
| SHA256 | 699eb437404697f9c57b5124c7c4760339eb313348903fd1d3d3e9c4b0139e54 |
| SHA512 | 3c63f4b3dbf0ce43353c0668ec7f68f090b1d4a6a5458063dc052836e5c8b17a7299fcc7714dade54936640e1f96e4f224c86de60b9970b51f01f4656da6cf50 |
memory/4496-329-0x0000000000400000-0x0000000000433000-memory.dmp
memory/556-330-0x000001F7417E0000-0x000001F7417E1000-memory.dmp
memory/556-332-0x000001F7417E0000-0x000001F7417E1000-memory.dmp
memory/556-331-0x000001F7417E0000-0x000001F7417E1000-memory.dmp
memory/556-342-0x000001F7417E0000-0x000001F7417E1000-memory.dmp
memory/556-341-0x000001F7417E0000-0x000001F7417E1000-memory.dmp
memory/556-340-0x000001F7417E0000-0x000001F7417E1000-memory.dmp
memory/556-339-0x000001F7417E0000-0x000001F7417E1000-memory.dmp
memory/556-338-0x000001F7417E0000-0x000001F7417E1000-memory.dmp
memory/556-337-0x000001F7417E0000-0x000001F7417E1000-memory.dmp
memory/556-336-0x000001F7417E0000-0x000001F7417E1000-memory.dmp