Analysis Overview
SHA256
5ebf9f85b062b4e0417fad150002e55b7563af040dcde97834c76ed827745188
Threat Level: Known bad
The file 2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta was found to be: Known bad.
Malicious Activity Summary
Xworm
Xworm family
Detect Xworm Payload
Neshta
Detects Windows executables referencing non-Windows User-Agents
Neshta family
Detect Neshta payload
Detects executables using Telegram Chat Bot
Loads dropped DLL
Modifies system executable filetype association
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Drops startup file
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-22 12:30
Signatures
Detect Neshta payload
Detect Xworm Payload
Detects Windows executables referencing non-Windows User-Agents
Detects executables using Telegram Chat Bot
Neshta family
Xworm family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-22 12:30
Reported
2024-05-22 12:44
Platform
win7-20240221-en
Max time kernel
130s
Max time network
140s
Command Line
Signatures
Detect Neshta payload
Detect Xworm Payload
Neshta
Xworm
Detects Windows executables referencing non-Windows User-Agents
Detects executables using Telegram Chat Bot
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe | N/A |
Reads user/profile data of web browsers
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| PL | 45.138.16.245:3232 | | tcp |
| PL | 45.138.16.245:3232 | | tcp |
| PL | 45.138.16.245:3232 | | tcp |
| PL | 45.138.16.245:3232 | | tcp |
Files
\Users\Admin\AppData\Local\Temp\3582-490\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe
C:\Windows\svchost.com
C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe
C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE
C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe
C:\MSOCache\ALLUSE~1\{9A861~1\ose.exe
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\updater.exe
| MD5 | 6a1dcbda969e49f2f93320b523fad8cf |
| SHA1 | aac07c2bc15defa172211edc6e1462907fc5d012 |
| SHA256 | 2bc8125605ae7ee338485591b4e8bb7e749eb75d590d36bc8f5ad7e72b9fe08d |
| SHA512 | fbad56e5716f5c98520406d5ba01b19ce6ecb3a5ac9913e46451f75623c31c86f692007333b367b615822a3a772b97ab5b6750cb3c9d5e23e129724d0e79b9ed |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-22 12:30
Reported
2024-05-22 12:44
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
156s
Command Line
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Neshta
Xworm
Detects Windows executables referencing non-Windows User-Agents
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables using Telegram Chat Bot
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Executes dropped EXE
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe | N/A |
Reads user/profile data of web browsers
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-0~1.EXE
C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe b7efe459acabac4ca888c6230117c406 GydKM8C6uE2ll1kWTm+u+w.0.1.0.0.0
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv GydKM8C6uE2ll1kWTm+u+w.0.2
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| PL | 45.138.16.245:3232 | | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| PL | 45.138.16.245:3232 | | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| PL | 45.138.16.245:3232 | | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| PL | 45.138.16.245:3232 | | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-05-22_2219802df8a09e0ce53ddf7dc5fde337_hiddentear_neshta.exe
C:\Windows\svchost.com
C:\Windows\directx.sys
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe
C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE
C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe
C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE
C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE
C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe
C:\Users\Admin\AppData\Roaming\updater.exe