Malware Analysis Report

2025-08-11 00:25

Sample ID 221001-wjt7psaecp
Target df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4
SHA256 df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4
Tags
neshta persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4

Threat Level: Known bad

The file df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4 was found to be: Known bad.

Malicious Activity Summary

neshta persistence spyware stealer

Detect Neshta payload

Neshta

Modifies system executable filetype association

Neshta family

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks computer location settings

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-10-01 17:57

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Neshta family

neshta

Analysis: behavioral1

Detonation Overview

Submitted

2022-10-01 17:57

Reported

2022-10-01 18:10

Platform

win7-20220812-en

Max time kernel

205s

Max time network

45s

Command Line

"C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A

Neshta

persistence spyware neshta

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\EQUATION\EQNEDT32.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\ACCESS~1\wordpad.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\Setup.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\PPTICO.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmplayer.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOUC.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\ACCESS~1\wordpad.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBE_~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOBD5D~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ACCICONS.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\NAMECO~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmplayer.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\SOURCE~1\OSE.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\GROOVEMN.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~2.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTE.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmprph.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\Eula.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~2.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\1033\ONELEV.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBEU~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\CNFNOT32.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\VPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\ink\mip.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\OIS.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\FLTLDR.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSTORDB.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\wab.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\GRAPH.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmlaunch.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\ADOBEA~1\Versions\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WI4223~1\sidebar.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~4.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\CLVIEW.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1732 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe
PID 1732 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe
PID 1732 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe
PID 1732 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe
PID 1524 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Windows\svchost.com
PID 1524 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Windows\svchost.com
PID 1524 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Windows\svchost.com
PID 1524 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Windows\svchost.com
PID 1692 wrote to memory of 1832 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1692 wrote to memory of 1832 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1692 wrote to memory of 1832 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1692 wrote to memory of 1832 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1832 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1832 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1832 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1832 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 468 wrote to memory of 1812 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 468 wrote to memory of 1812 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 468 wrote to memory of 1812 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 468 wrote to memory of 1812 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1812 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1812 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1812 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1812 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 316 wrote to memory of 1840 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 316 wrote to memory of 1840 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 316 wrote to memory of 1840 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 316 wrote to memory of 1840 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1840 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1840 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1840 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1840 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1552 wrote to memory of 1252 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1552 wrote to memory of 1252 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1552 wrote to memory of 1252 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1552 wrote to memory of 1252 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1252 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1252 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1252 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1252 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1052 wrote to memory of 296 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1052 wrote to memory of 296 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1052 wrote to memory of 296 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1052 wrote to memory of 296 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 296 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 296 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 296 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 296 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1496 wrote to memory of 1616 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1496 wrote to memory of 1616 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1496 wrote to memory of 1616 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1496 wrote to memory of 1616 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1616 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1616 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1616 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1616 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 816 wrote to memory of 1672 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 816 wrote to memory of 1672 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 816 wrote to memory of 1672 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 816 wrote to memory of 1672 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1672 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1672 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1672 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1672 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

"C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

Network

N/A

Files

memory/1732-54-0x0000000075521000-0x0000000075523000-memory.dmp

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1524-57-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

memory/1692-63-0x0000000000000000-mapping.dmp

C:\MSOCache\ALLUSE~1\{9A861~1\ose.exe

MD5 58b58875a50a0d8b5e7be7d6ac685164
SHA1 1e0b89c1b2585c76e758e9141b846ed4477b0662
SHA256 2a0aa0763fdef9c38c5dd4d50703f0c7e27f4903c139804ec75e55f8388139ae
SHA512 d67214077162a105d01b11a8e207fab08b45b08fbfba0615a2ea146e1dd99eea35e4f02958a1754d3192292c00caf777f186f0a362e4b8b0da51fabbdb76375b

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1832-69-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/468-73-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1812-80-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

memory/316-84-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1840-91-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe

MD5 cf6c595d3e5e9667667af096762fd9c4
SHA1 9bb44da8d7f6457099cb56e4f7d1026963dce7ce
SHA256 593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d
SHA512 ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80

C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE

MD5 02ee6a3424782531461fb2f10713d3c1
SHA1 b581a2c365d93ebb629e8363fd9f69afc673123f
SHA256 ead58c483cb20bcd57464f8a4929079539d634f469b213054bf737d227c026dc
SHA512 6c9272cb1b6bde3ee887e1463ab30ea76568cb1a285d11393337b78c4ad1c3b7e6ce47646a92ab6d70bff4b02ab9d699b84af9437b720e52dcd35579fe2693ec

C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe

MD5 566ed4f62fdc96f175afedd811fa0370
SHA1 d4b47adc40e0d5a9391d3f6f2942d1889dd2a451
SHA256 e17cd94c08fc0e001a49f43a0801cea4625fb9aee211b6dfebebec446c21f460
SHA512 cdf8f508d396a1a0d2e0fc25f2ae46398b25039a0dafa0919737cc44e3e926ebae4c3aa26f1a3441511430f1a36241f8e61c515a5d9bd98ad4740d4d0f7b8db7

memory/1552-98-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1252-105-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1052-109-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/296-116-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1496-120-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1616-127-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/816-131-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1672-138-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1312-142-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1380-149-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1428-153-0x0000000000000000-mapping.dmp

memory/1832-155-0x0000000000000000-mapping.dmp

memory/1916-157-0x0000000000000000-mapping.dmp

memory/1624-159-0x0000000000000000-mapping.dmp

memory/1812-161-0x0000000000000000-mapping.dmp

memory/788-163-0x0000000000000000-mapping.dmp

memory/1132-165-0x0000000000000000-mapping.dmp

memory/1548-167-0x0000000000000000-mapping.dmp

memory/268-169-0x0000000000000000-mapping.dmp

memory/748-171-0x0000000000000000-mapping.dmp

memory/1308-173-0x0000000000000000-mapping.dmp

memory/1252-175-0x0000000000000000-mapping.dmp

memory/1944-177-0x0000000000000000-mapping.dmp

memory/1384-179-0x0000000000000000-mapping.dmp

memory/1500-181-0x0000000000000000-mapping.dmp

memory/1752-183-0x0000000000000000-mapping.dmp

memory/1496-185-0x0000000000000000-mapping.dmp

memory/1616-187-0x0000000000000000-mapping.dmp

memory/1600-189-0x0000000000000000-mapping.dmp

memory/1608-191-0x0000000000000000-mapping.dmp

memory/1412-193-0x0000000000000000-mapping.dmp

memory/1268-195-0x0000000000000000-mapping.dmp

memory/1816-197-0x0000000000000000-mapping.dmp

memory/1336-199-0x0000000000000000-mapping.dmp

memory/664-201-0x0000000000000000-mapping.dmp

memory/648-203-0x0000000000000000-mapping.dmp

memory/752-205-0x0000000000000000-mapping.dmp

memory/300-207-0x0000000000000000-mapping.dmp

memory/636-209-0x0000000000000000-mapping.dmp

memory/1544-211-0x0000000000000000-mapping.dmp

memory/1264-213-0x0000000000000000-mapping.dmp

memory/1840-215-0x0000000000000000-mapping.dmp

memory/1736-217-0x0000000000000000-mapping.dmp

memory/1772-219-0x0000000000000000-mapping.dmp

memory/1684-221-0x0000000000000000-mapping.dmp

memory/1636-223-0x0000000000000000-mapping.dmp

memory/1516-225-0x0000000000000000-mapping.dmp

memory/1112-227-0x0000000000000000-mapping.dmp

memory/552-229-0x0000000000000000-mapping.dmp

memory/1028-231-0x0000000000000000-mapping.dmp

memory/1792-233-0x0000000000000000-mapping.dmp

memory/1496-235-0x0000000000000000-mapping.dmp

memory/2016-237-0x0000000000000000-mapping.dmp

memory/1600-239-0x0000000000000000-mapping.dmp

memory/1820-241-0x0000000000000000-mapping.dmp

memory/1412-243-0x0000000000000000-mapping.dmp

memory/556-245-0x0000000000000000-mapping.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-10-01 17:57

Reported

2022-10-01 18:09

Platform

win10v2004-20220901-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A

Neshta

persistence spyware neshta

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Windows\svchost.com N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Windows\svchost.com N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Windows\svchost.com N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13167~1.21\MICROS~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOBD5D~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~4.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~2.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13167~1.21\MI391D~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wabmig.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13167~1.21\MICROS~3.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13167~1.21\MIA062~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13167~1.21\MICROS~4.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13167~1.21\MICROS~4.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GO664E~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wab.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOBD5D~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\Download\{F3C4F~1\13167~1.21\MICROS~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13167~1.21\MI9C33~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\WI8A19~1\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Windows\svchost.com N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Windows\svchost.com N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Windows\svchost.com N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4864 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe
PID 4864 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe
PID 4864 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe
PID 2788 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Windows\svchost.com
PID 2788 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Windows\svchost.com
PID 2788 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe C:\Windows\svchost.com
PID 972 wrote to memory of 1144 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 972 wrote to memory of 1144 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 972 wrote to memory of 1144 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1144 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1144 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1144 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 3832 wrote to memory of 3492 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 3832 wrote to memory of 3492 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 3832 wrote to memory of 3492 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 3492 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 3492 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 3492 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 2716 wrote to memory of 3900 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 2716 wrote to memory of 3900 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 2716 wrote to memory of 3900 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 3900 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 3900 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 3900 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 2564 wrote to memory of 2812 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 2564 wrote to memory of 2812 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 2564 wrote to memory of 2812 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 2812 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 2812 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 2812 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 3720 wrote to memory of 5040 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 3720 wrote to memory of 5040 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 3720 wrote to memory of 5040 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 5040 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 5040 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 5040 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 4876 wrote to memory of 4232 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 4876 wrote to memory of 4232 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 4876 wrote to memory of 4232 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 4232 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 4232 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 4232 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 4980 wrote to memory of 2904 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 4980 wrote to memory of 2904 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 4980 wrote to memory of 2904 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 2904 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 2904 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 2904 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 2980 wrote to memory of 4740 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 2980 wrote to memory of 4740 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 2980 wrote to memory of 4740 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 4740 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 4740 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 4740 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 3528 wrote to memory of 1668 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 3528 wrote to memory of 1668 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 3528 wrote to memory of 1668 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1668 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1668 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 1668 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com
PID 852 wrote to memory of 1752 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 852 wrote to memory of 1752 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 852 wrote to memory of 1752 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE
PID 1752 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

"C:\Users\Admin\AppData\Local\Temp\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\DF13CA~1.EXE"

Network

Country Destination Domain Proto
GB 8.238.8.126:80 tcp
US 93.184.220.29:80 tcp
US 93.184.220.29:80 tcp
GB 8.248.183.254:80 tcp
GB 8.248.183.254:80 tcp
FR 2.18.109.224:443 tcp
IE 20.50.80.209:443 tcp
US 209.197.3.8:80 tcp
US 209.197.3.8:80 tcp
US 209.197.3.8:80 tcp

Files

memory/2788-132-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/972-135-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\odt\OFFICE~1.EXE

MD5 02c3d242fe142b0eabec69211b34bc55
SHA1 ea0a4a6d6078b362f7b3a4ad1505ce49957dc16e
SHA256 2a1ed24be7e3859b46ec3ebc316789ead5f12055853f86a9656e04b4bb771842
SHA512 0efb08492eaaa2e923beddc21566e98fbbef3a102f9415ff310ec616f5c84fd2ba3a7025b05e01c0bdf37e5e2f64dfd845f9254a376144cc7d827e7577dbb099

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/1144-139-0x0000000000000000-mapping.dmp

memory/3832-141-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3492-144-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

memory/2716-147-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

memory/3900-151-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/2564-153-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

memory/2812-157-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/3720-159-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

memory/5040-163-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

memory/4876-165-0x0000000000000000-mapping.dmp

memory/4232-168-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

memory/4980-171-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/2904-175-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

memory/2980-177-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

memory/4740-181-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3528-183-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1668-187-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/852-189-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

memory/1752-193-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

memory/4704-195-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

memory/2660-199-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/3552-201-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3944-205-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/2972-207-0x0000000000000000-mapping.dmp

memory/1372-210-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2968-213-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

memory/1348-217-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

memory/1212-219-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9b9e5e9b85f0922b258549de89d6a5e1
SHA1 85b21a6773990b29aa62fba89277866918537f39
SHA256 fc1f5136b19316efeb192ab62e6414c891f4b57afbaa763b41ecf6b85b2516bc
SHA512 ce379a713fd3de1cde3e60ad3feefed4d615c688767c8f98120765044fe879db0676c5898b483598b3259a5c24efb27ac3086fc7e519dd206faa70361c0650e7

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2392-223-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\df13ca1256d284f08e53ec81bc7af42e63faec50091a0bbfa0bcdac7238041d4.exe

MD5 5b90981e6c925e4e98b31cf376c2e0e5
SHA1 4a297a8929d2730c490dffca0f62547a0156d733
SHA256 961cde53b2ff2ab0da266d509c67b0ccb46c7490c67e3f24137113239b4484a6
SHA512 163d7dab3940e4aeb0b7b9f04d8c2a9d349ede86b555e78664145d1a406692f2203cb294b415d92c6ac46d66c3faf400ede5d06d97e9342afb39f91b412ebfcd

memory/3476-225-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2852-228-0x0000000000000000-mapping.dmp

memory/4040-229-0x0000000000000000-mapping.dmp

memory/4020-230-0x0000000000000000-mapping.dmp

memory/4260-231-0x0000000000000000-mapping.dmp

memory/3316-232-0x0000000000000000-mapping.dmp

memory/2300-233-0x0000000000000000-mapping.dmp

memory/1868-234-0x0000000000000000-mapping.dmp

memory/3996-235-0x0000000000000000-mapping.dmp

memory/948-236-0x0000000000000000-mapping.dmp

memory/4500-237-0x0000000000000000-mapping.dmp

memory/4772-238-0x0000000000000000-mapping.dmp

memory/4036-239-0x0000000000000000-mapping.dmp

memory/3712-240-0x0000000000000000-mapping.dmp

memory/3116-241-0x0000000000000000-mapping.dmp

memory/2864-242-0x0000000000000000-mapping.dmp

memory/880-243-0x0000000000000000-mapping.dmp

memory/2236-244-0x0000000000000000-mapping.dmp

memory/4232-245-0x0000000000000000-mapping.dmp

memory/1972-246-0x0000000000000000-mapping.dmp

memory/4272-247-0x0000000000000000-mapping.dmp

memory/1696-248-0x0000000000000000-mapping.dmp

memory/676-249-0x0000000000000000-mapping.dmp

memory/3420-250-0x0000000000000000-mapping.dmp

memory/4996-251-0x0000000000000000-mapping.dmp

memory/4120-252-0x0000000000000000-mapping.dmp

memory/4204-253-0x0000000000000000-mapping.dmp

memory/4192-254-0x0000000000000000-mapping.dmp

memory/2012-255-0x0000000000000000-mapping.dmp

memory/4532-256-0x0000000000000000-mapping.dmp

memory/2884-257-0x0000000000000000-mapping.dmp

memory/2396-258-0x0000000000000000-mapping.dmp

memory/2568-259-0x0000000000000000-mapping.dmp