Analysis Overview
SHA256
40c6a313785e33be10896ddcbd2c4fae4430e6a06cc2b9a093b4e3df046f2ae2
Threat Level: Known bad
The file 213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Neshta
Neshta family
Detect Neshta payload
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Modifies system executable filetype association
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-22 05:47
Signatures
Detect Neshta payload
Neshta family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-22 05:47
Reported
2024-05-22 05:50
Platform
win7-20240508-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Detect Neshta payload
Neshta
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe | N/A |
Reads user/profile data of web browsers
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
Network
Files
\Users\Admin\AppData\Local\Temp\3582-490\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe
C:\Windows\svchost.com
C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe
C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE
C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe
C:\MSOCache\ALLUSE~1\{9A861~1\ose.exe
C:\Windows\directx.sys
C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE
C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe
C:\PROGRA~2\Adobe\READER~1.0\Reader\Eula.exe
\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE
C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROBR~1.EXE
C:\PROGRA~2\Adobe\READER~1.0\SETUPF~1\{AC76B~1\Setup.exe
memory/1648-343-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1252-342-0x0000000000400000-0x000000000041B000-memory.dmp
memory/484-356-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2172-355-0x0000000000400000-0x000000000041B000-memory.dmp
memory/536-358-0x0000000000400000-0x000000000041B000-memory.dmp
memory/768-359-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1064-367-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2372-366-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1472-375-0x0000000000400000-0x000000000041B000-memory.dmp
memory/616-374-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2564-383-0x0000000000400000-0x000000000041B000-memory.dmp
memory/796-382-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1212-390-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2248-396-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1856-399-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2868-398-0x0000000000400000-0x000000000041B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-22 05:47
Reported
2024-05-22 05:50
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Neshta
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe | N/A |
Executes dropped EXE
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe | N/A |
Reads user/profile data of web browsers
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 76d35acebfd175da752ef62fadfd55b8 RyRjTPG0CUuCfHVjitxP/A.0.1.0.0.0
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\213D42~1.EXE"
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Network
| Country | Destination | Domain | Proto |
Files
C:\Users\Admin\AppData\Local\Temp\3582-490\213d42a491a4f1717a3e2c41a9f115d0_NeikiAnalytics.exe
C:\Windows\svchost.com
C:\Windows\directx.sys
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe
C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe
C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\javaw.exe
C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE
C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE
C:\PROGRA~2\Google\Update\DISABL~1.EXE
C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE
C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe
memory/3292-363-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1176-369-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1984-376-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3376-377-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1940-379-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3356-385-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4276-387-0x0000000000400000-0x000000000041B000-memory.dmp
memory/5000-393-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3124-395-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4516-401-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2820-403-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2084-409-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2136-411-0x0000000000400000-0x000000000041B000-memory.dmp