Malware Analysis Report

2025-08-05 19:34

Sample ID 221013-z763ysefcn
Target 927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60
SHA256 927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60
Tags
neshta persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60

Threat Level: Known bad

The file 927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60 was found to be: Known bad.

Malicious Activity Summary

neshta persistence spyware stealer

Detect Neshta payload

Modifies system executable filetype association

Neshta

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-10-13 21:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-10-13 21:22

Reported

2022-10-14 01:33

Platform

win7-20220812-en

Max time kernel

190s

Max time network

46s

Command Line

"C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A

Neshta

persistence spyware neshta

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOF5E2~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOSYNC.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Resource\Icons\SC_REA~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\SETUPF~1\{AC76B~1\Setup.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\ADOBEA~1\Versions\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTE.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBE_~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\INFOPATH.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\DW\DWTRIG20.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmprph.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSTORE.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\WMPDMC.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\EQUATION\EQNEDT32.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmlaunch.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOXMLED.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\Setup.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOSYNC.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\WORDICON.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOHTMED.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\CLVIEW.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\GROOVEMN.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\VPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\wab.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~4.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\wabmig.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\WinMail.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\IECONT~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\TextConv\WksConv\Wkconv.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\misc.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\WinMail.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\DW\DWTRIG20.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\FLTLDR.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\TextConv\WksConv\Wkconv.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\GRAPH.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Oarpmany.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\CNFNOT32.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOUC.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\ACCESS~1\wordpad.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOICONS.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\ODeploy.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WI4223~1\sidebar.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\EQUATION\EQNEDT32.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Oarpmany.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\1033\ONELEV.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com N/A N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys N/A N/A
File opened for modification C:\Windows\directx.sys N/A N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1628 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 1628 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 1628 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 1628 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 1872 wrote to memory of 2016 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 1872 wrote to memory of 2016 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 1872 wrote to memory of 2016 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 1872 wrote to memory of 2016 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 2016 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 2016 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 2016 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 2016 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 1392 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 1392 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 1392 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 1392 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 964 wrote to memory of 1824 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 964 wrote to memory of 1824 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 964 wrote to memory of 1824 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 964 wrote to memory of 1824 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 1824 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.com
PID 1824 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.com
PID 1824 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.com
PID 1824 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.com
PID 1768 wrote to memory of 1352 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 1768 wrote to memory of 1352 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 1768 wrote to memory of 1352 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 1768 wrote to memory of 1352 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 1352 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 1352 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 1352 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 1352 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 1600 wrote to memory of 900 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 1600 wrote to memory of 900 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 1600 wrote to memory of 900 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 1600 wrote to memory of 900 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 900 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 900 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 900 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 900 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2040 wrote to memory of 2028 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2040 wrote to memory of 2028 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2040 wrote to memory of 2028 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2040 wrote to memory of 2028 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2028 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2028 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2028 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2028 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 1360 wrote to memory of 1300 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 1360 wrote to memory of 1300 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 1360 wrote to memory of 1300 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 1360 wrote to memory of 1300 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 1300 wrote to memory of 472 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 1300 wrote to memory of 472 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 1300 wrote to memory of 472 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 1300 wrote to memory of 472 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 472 wrote to memory of 596 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 472 wrote to memory of 596 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 472 wrote to memory of 596 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 472 wrote to memory of 596 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 596 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 596 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 596 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 596 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

"C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

"C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Windows\svchost.exe

C:\Windows\svchost.exe

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

Network

N/A

Files

memory/1872-54-0x0000000000000000-mapping.dmp

C:\Windows\svchost.exe

MD5 d9388c699c90425c544fafbd3e76d050
SHA1 259c77c0c962d3ed5e5c8cdb45136bcb7b0d6c85
SHA256 789927116a7af35162ae6e438536a90ad996a20ffbe060d615881ae62897e2c9
SHA512 3cc2632ec5933adcc8c17d7c5a5216a7ad7a09c7210cc6508901d0352f812ff48220bf928fb5804397c80ea2c443622df525f68dbc8f6667e30043913c2c9cd4

C:\Windows\svchost.exe

MD5 d9388c699c90425c544fafbd3e76d050
SHA1 259c77c0c962d3ed5e5c8cdb45136bcb7b0d6c85
SHA256 789927116a7af35162ae6e438536a90ad996a20ffbe060d615881ae62897e2c9
SHA512 3cc2632ec5933adcc8c17d7c5a5216a7ad7a09c7210cc6508901d0352f812ff48220bf928fb5804397c80ea2c443622df525f68dbc8f6667e30043913c2c9cd4

\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 5ebbf7204545ce084ffed3b0286a80bb
SHA1 8e8a1c01e8862e10e6a5bfb857e3965be1623100
SHA256 4f0a2f61c12656d7beeb8cac208677681842fb16fba9a70640f1e3f4f10ffb1e
SHA512 71b6a4d6d243d9aa8bc12a8d94cfa273c5fc5fd368dc2f3b67baa16d33dbe05db78ddb848c19471cebf57e2e54238d61f6fb76ccac9128e1b08372f9e496190b

\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 5ebbf7204545ce084ffed3b0286a80bb
SHA1 8e8a1c01e8862e10e6a5bfb857e3965be1623100
SHA256 4f0a2f61c12656d7beeb8cac208677681842fb16fba9a70640f1e3f4f10ffb1e
SHA512 71b6a4d6d243d9aa8bc12a8d94cfa273c5fc5fd368dc2f3b67baa16d33dbe05db78ddb848c19471cebf57e2e54238d61f6fb76ccac9128e1b08372f9e496190b

memory/2016-59-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 5ebbf7204545ce084ffed3b0286a80bb
SHA1 8e8a1c01e8862e10e6a5bfb857e3965be1623100
SHA256 4f0a2f61c12656d7beeb8cac208677681842fb16fba9a70640f1e3f4f10ffb1e
SHA512 71b6a4d6d243d9aa8bc12a8d94cfa273c5fc5fd368dc2f3b67baa16d33dbe05db78ddb848c19471cebf57e2e54238d61f6fb76ccac9128e1b08372f9e496190b

memory/2016-61-0x0000000074AD1000-0x0000000074AD3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 5ebbf7204545ce084ffed3b0286a80bb
SHA1 8e8a1c01e8862e10e6a5bfb857e3965be1623100
SHA256 4f0a2f61c12656d7beeb8cac208677681842fb16fba9a70640f1e3f4f10ffb1e
SHA512 71b6a4d6d243d9aa8bc12a8d94cfa273c5fc5fd368dc2f3b67baa16d33dbe05db78ddb848c19471cebf57e2e54238d61f6fb76ccac9128e1b08372f9e496190b

C:\Windows\svchost.exe

MD5 d9388c699c90425c544fafbd3e76d050
SHA1 259c77c0c962d3ed5e5c8cdb45136bcb7b0d6c85
SHA256 789927116a7af35162ae6e438536a90ad996a20ffbe060d615881ae62897e2c9
SHA512 3cc2632ec5933adcc8c17d7c5a5216a7ad7a09c7210cc6508901d0352f812ff48220bf928fb5804397c80ea2c443622df525f68dbc8f6667e30043913c2c9cd4

memory/1392-66-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 1455f28829e0865cc8888738dadd8c56
SHA1 8af9002345af4bc2888d2c13d1cca0c29272acb9
SHA256 5e7f2272c9616d11fcaeb0819584645c0e99882f50ac7fd3831d2e6ded1511cc
SHA512 04f110641457a659195f6b06eae838d15ee76e61a0aa120cfee16757f5de52582b9a1b1746c2ee36dac44c9b553aaf99a3925507977f14ed5bf21227c06d35f6

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 1455f28829e0865cc8888738dadd8c56
SHA1 8af9002345af4bc2888d2c13d1cca0c29272acb9
SHA256 5e7f2272c9616d11fcaeb0819584645c0e99882f50ac7fd3831d2e6ded1511cc
SHA512 04f110641457a659195f6b06eae838d15ee76e61a0aa120cfee16757f5de52582b9a1b1746c2ee36dac44c9b553aaf99a3925507977f14ed5bf21227c06d35f6

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 1455f28829e0865cc8888738dadd8c56
SHA1 8af9002345af4bc2888d2c13d1cca0c29272acb9
SHA256 5e7f2272c9616d11fcaeb0819584645c0e99882f50ac7fd3831d2e6ded1511cc
SHA512 04f110641457a659195f6b06eae838d15ee76e61a0aa120cfee16757f5de52582b9a1b1746c2ee36dac44c9b553aaf99a3925507977f14ed5bf21227c06d35f6

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 1455f28829e0865cc8888738dadd8c56
SHA1 8af9002345af4bc2888d2c13d1cca0c29272acb9
SHA256 5e7f2272c9616d11fcaeb0819584645c0e99882f50ac7fd3831d2e6ded1511cc
SHA512 04f110641457a659195f6b06eae838d15ee76e61a0aa120cfee16757f5de52582b9a1b1746c2ee36dac44c9b553aaf99a3925507977f14ed5bf21227c06d35f6

C:\Windows\svchost.exe

MD5 d9388c699c90425c544fafbd3e76d050
SHA1 259c77c0c962d3ed5e5c8cdb45136bcb7b0d6c85
SHA256 789927116a7af35162ae6e438536a90ad996a20ffbe060d615881ae62897e2c9
SHA512 3cc2632ec5933adcc8c17d7c5a5216a7ad7a09c7210cc6508901d0352f812ff48220bf928fb5804397c80ea2c443622df525f68dbc8f6667e30043913c2c9cd4

memory/964-70-0x0000000000000000-mapping.dmp

\MSOCache\ALLUSE~1\{9A861~1\ose.exe

MD5 9d10f99a6712e28f8acd5641e3a7ea6b
SHA1 835e982347db919a681ba12f3891f62152e50f0d
SHA256 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc
SHA512 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5

\MSOCache\ALLUSE~1\{9A861~1\setup.exe

MD5 4d92f518527353c0db88a70fddcfd390
SHA1 c4baffc19e7d1f0e0ebf73bab86a491c1d152f98
SHA256 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c
SHA512 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/1824-75-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/1768-80-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

\MSOCache\ALLUSE~1\{9A861~1\setup.exe

MD5 4d92f518527353c0db88a70fddcfd390
SHA1 c4baffc19e7d1f0e0ebf73bab86a491c1d152f98
SHA256 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c
SHA512 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452

\MSOCache\ALLUSE~1\{9A861~1\ose.exe

MD5 9d10f99a6712e28f8acd5641e3a7ea6b
SHA1 835e982347db919a681ba12f3891f62152e50f0d
SHA256 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc
SHA512 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5

\MSOCache\ALLUSE~1\{90140~1\DW20.EXE

MD5 a41e524f8d45f0074fd07805ff0c9b12
SHA1 948deacf95a60c3fdf17e0e4db1931a6f3fc5d38
SHA256 082329648337e5ba7377fed9d8a178809f37eecb8d795b93cca4ec07d8640ff7
SHA512 91bf4be7e82536a85a840dbc9f3ce7b7927d1cedf6391aac93989abae210620433e685b86a12d133a72369a4f8a665c46ac7fc9e8a806e2872d8b1514cbb305f

\MSOCache\ALLUSE~1\{90140~1\DW20.EXE

MD5 a41e524f8d45f0074fd07805ff0c9b12
SHA1 948deacf95a60c3fdf17e0e4db1931a6f3fc5d38
SHA256 082329648337e5ba7377fed9d8a178809f37eecb8d795b93cca4ec07d8640ff7
SHA512 91bf4be7e82536a85a840dbc9f3ce7b7927d1cedf6391aac93989abae210620433e685b86a12d133a72369a4f8a665c46ac7fc9e8a806e2872d8b1514cbb305f

memory/1352-89-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/1600-92-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/900-99-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/2040-102-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/2028-109-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/1360-112-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/1300-119-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/472-122-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/596-129-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1020-132-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/1364-139-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1788-142-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/1624-149-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

memory/1872-153-0x0000000000000000-mapping.dmp

memory/1116-155-0x0000000000000000-mapping.dmp

memory/1728-157-0x0000000000000000-mapping.dmp

memory/1732-159-0x0000000000000000-mapping.dmp

memory/1748-161-0x0000000000000000-mapping.dmp

memory/1528-163-0x0000000000000000-mapping.dmp

memory/288-165-0x0000000000000000-mapping.dmp

memory/1352-167-0x0000000000000000-mapping.dmp

memory/1040-169-0x0000000000000000-mapping.dmp

memory/1924-171-0x0000000000000000-mapping.dmp

memory/1944-173-0x0000000000000000-mapping.dmp

memory/1964-175-0x0000000000000000-mapping.dmp

memory/1992-177-0x0000000000000000-mapping.dmp

memory/2040-179-0x0000000000000000-mapping.dmp

memory/692-181-0x0000000000000000-mapping.dmp

memory/1216-183-0x0000000000000000-mapping.dmp

memory/436-185-0x0000000000000000-mapping.dmp

memory/1360-187-0x0000000000000000-mapping.dmp

memory/320-189-0x0000000000000000-mapping.dmp

memory/584-191-0x0000000000000000-mapping.dmp

memory/1552-193-0x0000000000000000-mapping.dmp

memory/1936-195-0x0000000000000000-mapping.dmp

memory/872-197-0x0000000000000000-mapping.dmp

memory/1628-199-0x0000000000000000-mapping.dmp

memory/632-201-0x0000000000000000-mapping.dmp

memory/1328-203-0x0000000000000000-mapping.dmp

memory/368-205-0x0000000000000000-mapping.dmp

memory/1284-207-0x0000000000000000-mapping.dmp

memory/1640-209-0x0000000000000000-mapping.dmp

memory/1232-211-0x0000000000000000-mapping.dmp

memory/932-213-0x0000000000000000-mapping.dmp

memory/1732-215-0x0000000000000000-mapping.dmp

memory/1700-217-0x0000000000000000-mapping.dmp

memory/1136-219-0x0000000000000000-mapping.dmp

memory/592-221-0x0000000000000000-mapping.dmp

memory/1656-223-0x0000000000000000-mapping.dmp

memory/1688-225-0x0000000000000000-mapping.dmp

memory/1480-227-0x0000000000000000-mapping.dmp

memory/1944-229-0x0000000000000000-mapping.dmp

memory/1964-231-0x0000000000000000-mapping.dmp

memory/2008-233-0x0000000000000000-mapping.dmp

memory/1804-235-0x0000000000000000-mapping.dmp

memory/1580-237-0x0000000000000000-mapping.dmp

memory/976-239-0x0000000000000000-mapping.dmp

memory/1576-241-0x0000000000000000-mapping.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-10-13 21:22

Reported

2022-10-14 01:33

Platform

win10v2004-20220812-en

Max time kernel

149s

Max time network

182s

Command Line

"C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A

Neshta

persistence spyware neshta

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GO664E~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\Download\{F3C4F~1\13165~1.21\MICROS~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmlaunch.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GO664E~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOF5E2~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13165~1.21\MI9C33~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13165~1.21\MICROS~3.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\Install\{9B826~1\MicrosoftEdgeUpdateSetup_X86_1.3.165.21.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13165~1.21\MICROS~2.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~2.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmplayer.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.71\GOF5E2~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\WI8A19~1\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Windows\svchost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1060 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 1060 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 1060 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 2512 wrote to memory of 996 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 2512 wrote to memory of 996 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 2512 wrote to memory of 996 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 996 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 996 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 996 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 4604 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 4604 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 4604 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.exe
PID 4980 wrote to memory of 812 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 4980 wrote to memory of 812 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 4980 wrote to memory of 812 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe
PID 812 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.com
PID 812 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.com
PID 812 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe C:\Windows\svchost.com
PID 2176 wrote to memory of 4660 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2176 wrote to memory of 4660 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2176 wrote to memory of 4660 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 4660 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 4660 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 4660 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 216 wrote to memory of 2352 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 216 wrote to memory of 2352 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 216 wrote to memory of 2352 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2352 wrote to memory of 3820 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2352 wrote to memory of 3820 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2352 wrote to memory of 3820 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 3820 wrote to memory of 4460 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 3820 wrote to memory of 4460 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 3820 wrote to memory of 4460 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 4460 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 4460 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 4460 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 764 wrote to memory of 3704 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 764 wrote to memory of 3704 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 764 wrote to memory of 3704 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 3704 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 3704 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 3704 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2132 wrote to memory of 4376 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2132 wrote to memory of 4376 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2132 wrote to memory of 4376 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 4376 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 4376 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 4376 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 4252 wrote to memory of 2740 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 4252 wrote to memory of 2740 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 4252 wrote to memory of 2740 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2740 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2740 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2740 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2768 wrote to memory of 2464 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2768 wrote to memory of 2464 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2768 wrote to memory of 2464 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2464 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2464 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2464 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com
PID 2784 wrote to memory of 988 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2784 wrote to memory of 988 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 2784 wrote to memory of 988 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE
PID 988 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

"C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

"C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Windows\svchost.exe

C:\Windows\svchost.exe

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\927A01~1.EXE

Network

Country Destination Domain Proto
US 93.184.220.29:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
FR 40.79.150.121:443 tcp

Files

memory/2512-132-0x0000000000000000-mapping.dmp

C:\Windows\svchost.exe

MD5 d9388c699c90425c544fafbd3e76d050
SHA1 259c77c0c962d3ed5e5c8cdb45136bcb7b0d6c85
SHA256 789927116a7af35162ae6e438536a90ad996a20ffbe060d615881ae62897e2c9
SHA512 3cc2632ec5933adcc8c17d7c5a5216a7ad7a09c7210cc6508901d0352f812ff48220bf928fb5804397c80ea2c443622df525f68dbc8f6667e30043913c2c9cd4

C:\Windows\svchost.exe

MD5 d9388c699c90425c544fafbd3e76d050
SHA1 259c77c0c962d3ed5e5c8cdb45136bcb7b0d6c85
SHA256 789927116a7af35162ae6e438536a90ad996a20ffbe060d615881ae62897e2c9
SHA512 3cc2632ec5933adcc8c17d7c5a5216a7ad7a09c7210cc6508901d0352f812ff48220bf928fb5804397c80ea2c443622df525f68dbc8f6667e30043913c2c9cd4

memory/996-135-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 5ebbf7204545ce084ffed3b0286a80bb
SHA1 8e8a1c01e8862e10e6a5bfb857e3965be1623100
SHA256 4f0a2f61c12656d7beeb8cac208677681842fb16fba9a70640f1e3f4f10ffb1e
SHA512 71b6a4d6d243d9aa8bc12a8d94cfa273c5fc5fd368dc2f3b67baa16d33dbe05db78ddb848c19471cebf57e2e54238d61f6fb76ccac9128e1b08372f9e496190b

C:\Windows\svchost.exe

MD5 d9388c699c90425c544fafbd3e76d050
SHA1 259c77c0c962d3ed5e5c8cdb45136bcb7b0d6c85
SHA256 789927116a7af35162ae6e438536a90ad996a20ffbe060d615881ae62897e2c9
SHA512 3cc2632ec5933adcc8c17d7c5a5216a7ad7a09c7210cc6508901d0352f812ff48220bf928fb5804397c80ea2c443622df525f68dbc8f6667e30043913c2c9cd4

C:\Users\Admin\AppData\Local\Temp\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 5ebbf7204545ce084ffed3b0286a80bb
SHA1 8e8a1c01e8862e10e6a5bfb857e3965be1623100
SHA256 4f0a2f61c12656d7beeb8cac208677681842fb16fba9a70640f1e3f4f10ffb1e
SHA512 71b6a4d6d243d9aa8bc12a8d94cfa273c5fc5fd368dc2f3b67baa16d33dbe05db78ddb848c19471cebf57e2e54238d61f6fb76ccac9128e1b08372f9e496190b

memory/4604-139-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 1455f28829e0865cc8888738dadd8c56
SHA1 8af9002345af4bc2888d2c13d1cca0c29272acb9
SHA256 5e7f2272c9616d11fcaeb0819584645c0e99882f50ac7fd3831d2e6ded1511cc
SHA512 04f110641457a659195f6b06eae838d15ee76e61a0aa120cfee16757f5de52582b9a1b1746c2ee36dac44c9b553aaf99a3925507977f14ed5bf21227c06d35f6

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 1455f28829e0865cc8888738dadd8c56
SHA1 8af9002345af4bc2888d2c13d1cca0c29272acb9
SHA256 5e7f2272c9616d11fcaeb0819584645c0e99882f50ac7fd3831d2e6ded1511cc
SHA512 04f110641457a659195f6b06eae838d15ee76e61a0aa120cfee16757f5de52582b9a1b1746c2ee36dac44c9b553aaf99a3925507977f14ed5bf21227c06d35f6

memory/4980-142-0x0000000000000000-mapping.dmp

C:\Windows\svchost.exe

MD5 d9388c699c90425c544fafbd3e76d050
SHA1 259c77c0c962d3ed5e5c8cdb45136bcb7b0d6c85
SHA256 789927116a7af35162ae6e438536a90ad996a20ffbe060d615881ae62897e2c9
SHA512 3cc2632ec5933adcc8c17d7c5a5216a7ad7a09c7210cc6508901d0352f812ff48220bf928fb5804397c80ea2c443622df525f68dbc8f6667e30043913c2c9cd4

memory/812-144-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/2176-147-0x0000000000000000-mapping.dmp

C:\odt\OFFICE~1.EXE

MD5 02c3d242fe142b0eabec69211b34bc55
SHA1 ea0a4a6d6078b362f7b3a4ad1505ce49957dc16e
SHA256 2a1ed24be7e3859b46ec3ebc316789ead5f12055853f86a9656e04b4bb771842
SHA512 0efb08492eaaa2e923beddc21566e98fbbef3a102f9415ff310ec616f5c84fd2ba3a7025b05e01c0bdf37e5e2f64dfd845f9254a376144cc7d827e7577dbb099

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/4660-151-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

memory/216-153-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/2352-156-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3820-159-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/4460-163-0x0000000000000000-mapping.dmp

memory/764-165-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

memory/3704-169-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/2132-171-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

memory/4376-175-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/4252-177-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

memory/2740-181-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/2768-183-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

memory/2464-187-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/2784-189-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

memory/988-193-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/2852-195-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

memory/4548-198-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/4084-200-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

memory/1816-204-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/1856-206-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2388-209-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/4344-212-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

memory/5052-216-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/1940-218-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Users\Admin\AppData\Local\Temp\3582-490\927a01388f29cfae90666ab8e2683cdba4de0ef4dc18387f5981b9b166b29f60.exe

MD5 ac1bb517b2b36a685dfec44573ba1247
SHA1 a349c272c8080b57362af5530d4412ea9de6cfda
SHA256 c6ed2f55ef857a3f1b9b684e96b6712dcc43692858d89bcd5c9d12c145d76334
SHA512 78954d5afd0e62cfb7ff127f3d89eecca51c3601509163b6444e859d5086d39b634334b297b43777d1dca4ffb9b644968558734995546fafa1794822ed5c210e

memory/1420-222-0x0000000000000000-mapping.dmp

memory/5056-224-0x0000000000000000-mapping.dmp

C:\Windows\svchost.com

MD5 f44ecb4ae571f3356ae16632b9046857
SHA1 11f36c4690d0405b2abcfbd3e1b3eda45d9fb43c
SHA256 f04acd9936ce613948e18cef4590ac6a78f3c26824cb4aca62bf3b9d2c765e15
SHA512 b0b89154e4cbb3eb3124205d6965b23dcc9dbc39d69be72be25a1cb8b68a7ae5d7ce8571f7732f933964f9d641bdaa9518dc0c08c53ecbf221eff595294cffd5

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2496-228-0x0000000000000000-mapping.dmp

C:\Windows\directx.sys

MD5 9d81430452bc4e350962bf194f99177b
SHA1 bff3a181fd3f9c455833d95ab135c29f5da70c31
SHA256 644400fc101782431fed791ae764aa56ef1e3e11f25b70f90e0013d9bb4451be
SHA512 09d24446e36a32293a45172e2c0a7f0d5de7e213fa318fe9b15e1f6430143f3c9f039cfd86b700cd963c77feadb9338d6f6c7363f4f4759d10d3b4522a3e8ce5

memory/4360-229-0x0000000000000000-mapping.dmp

memory/2244-230-0x0000000000000000-mapping.dmp

memory/4216-231-0x0000000000000000-mapping.dmp

memory/4908-232-0x0000000000000000-mapping.dmp

memory/1880-233-0x0000000000000000-mapping.dmp

memory/2760-234-0x0000000000000000-mapping.dmp

memory/4156-235-0x0000000000000000-mapping.dmp

memory/4516-236-0x0000000000000000-mapping.dmp

memory/4328-237-0x0000000000000000-mapping.dmp

memory/4004-238-0x0000000000000000-mapping.dmp

memory/1452-239-0x0000000000000000-mapping.dmp

memory/2140-240-0x0000000000000000-mapping.dmp

memory/2068-241-0x0000000000000000-mapping.dmp

memory/2280-242-0x0000000000000000-mapping.dmp

memory/4464-243-0x0000000000000000-mapping.dmp

memory/3696-244-0x0000000000000000-mapping.dmp

memory/2536-245-0x0000000000000000-mapping.dmp

memory/4708-246-0x0000000000000000-mapping.dmp

memory/4492-247-0x0000000000000000-mapping.dmp

memory/2312-248-0x0000000000000000-mapping.dmp

memory/392-249-0x0000000000000000-mapping.dmp

memory/208-250-0x0000000000000000-mapping.dmp

memory/260-251-0x0000000000000000-mapping.dmp

memory/3100-252-0x0000000000000000-mapping.dmp

memory/1684-253-0x0000000000000000-mapping.dmp

memory/4184-254-0x0000000000000000-mapping.dmp

memory/3156-255-0x0000000000000000-mapping.dmp

memory/3896-256-0x0000000000000000-mapping.dmp

memory/3904-257-0x0000000000000000-mapping.dmp

memory/3704-258-0x0000000000000000-mapping.dmp

memory/3876-259-0x0000000000000000-mapping.dmp