Malware Analysis Report

2024-09-11 03:26

Sample ID 240526-f31wlahc46
Target 706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe
SHA256 74c044d142cf02d77bc1f9c05c70255ebe8ab63193a71545ea955ab810b6e50c
Tags
neshta persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

74c044d142cf02d77bc1f9c05c70255ebe8ab63193a71545ea955ab810b6e50c

Threat Level: Known bad

The file 706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

neshta persistence spyware stealer

Neshta family

Detect Neshta payload

Neshta

Executes dropped EXE

Modifies system executable filetype association

Reads user/profile data of web browsers

Loads dropped DLL

Checks computer location settings

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Event Triggered Execution
T1546
Change Default File Association
T1546.001
Privilege Escalation
TA0004
Event Triggered Execution
T1546
Change Default File Association
T1546.001
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-05-26 05:24

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Neshta family

neshta

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 05:24

Reported

2024-05-26 05:27

Platform

win7-20240419-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Neshta

persistence spyware neshta

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\MICROS~1\Office14\GROOVEMN.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\wab.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\ODeploy.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Resource\Icons\SC_REA~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\Eula.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBEU~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTE.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\ODeploy.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\SOURCE~1\OSE.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\GROOVEMN.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\WORDICON.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\ACCESS~1\wordpad.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\SETUPF~1\{AC76B~1\Setup.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\EQUATION\EQNEDT32.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOHTMED.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOICONS.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\1033\ONELEV.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSTORE.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\VPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\TextConv\WksConv\Wkconv.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\IECONT~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\ink\mip.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\SOURCE~1\OSE.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ACCICONS.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSQRY32.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\ADOBEA~1\Versions\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\ink\mip.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmplayer.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\NAMECO~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WI4223~1\sidebar.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\misc.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Oarpmany.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\IECONT~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTE.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\wabmig.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBE_~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\BCSSync.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROBR~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOHTMED.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\wab.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1700 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe
PID 1700 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe
PID 1700 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe
PID 1700 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe
PID 1336 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Windows\svchost.com
PID 1336 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Windows\svchost.com
PID 1336 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Windows\svchost.com
PID 1336 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Windows\svchost.com
PID 2644 wrote to memory of 2820 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2644 wrote to memory of 2820 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2644 wrote to memory of 2820 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2644 wrote to memory of 2820 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2820 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2820 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2820 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2820 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2952 wrote to memory of 2852 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2952 wrote to memory of 2852 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2952 wrote to memory of 2852 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2952 wrote to memory of 2852 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2852 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2852 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2852 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2852 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2676 wrote to memory of 2540 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2676 wrote to memory of 2540 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2676 wrote to memory of 2540 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2676 wrote to memory of 2540 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2540 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2540 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2540 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2540 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2616 wrote to memory of 3056 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2616 wrote to memory of 3056 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2616 wrote to memory of 3056 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2616 wrote to memory of 3056 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 3056 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 3056 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 3056 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 3056 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2892 wrote to memory of 3012 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2892 wrote to memory of 3012 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2892 wrote to memory of 3012 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2892 wrote to memory of 3012 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 3012 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 3012 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 3012 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 3012 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2452 wrote to memory of 2160 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2452 wrote to memory of 2160 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2452 wrote to memory of 2160 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2452 wrote to memory of 2160 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2160 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2160 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2160 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2160 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 1820 wrote to memory of 1672 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1820 wrote to memory of 1672 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1820 wrote to memory of 1672 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1820 wrote to memory of 1672 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1672 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 1672 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 1672 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 1672 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1273216464-309028037-13603185101969962822708386534549788895-11462131351768488768"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe

MD5 65b55eebb2829cec1129f85211b24291
SHA1 f34273805c9da5dd90b820e738ad58524194d46f
SHA256 f9f4555c80d4ca9086c861bfdf589dc8545089b0036e52fd338f162ccc83a7ca
SHA512 45acd843a570122f8ee3bcd254cfc0ac2d6a82a6273281089d13b61d1c7b393aec292c8dd802ab5db78c9172ae7a5d59b66b27f302747480e337e61a2515bd1d

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE

MD5 02ee6a3424782531461fb2f10713d3c1
SHA1 b581a2c365d93ebb629e8363fd9f69afc673123f
SHA256 ead58c483cb20bcd57464f8a4929079539d634f469b213054bf737d227c026dc
SHA512 6c9272cb1b6bde3ee887e1463ab30ea76568cb1a285d11393337b78c4ad1c3b7e6ce47646a92ab6d70bff4b02ab9d699b84af9437b720e52dcd35579fe2693ec

C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe

MD5 cf6c595d3e5e9667667af096762fd9c4
SHA1 9bb44da8d7f6457099cb56e4f7d1026963dce7ce
SHA256 593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d
SHA512 ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80

C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe

MD5 566ed4f62fdc96f175afedd811fa0370
SHA1 d4b47adc40e0d5a9391d3f6f2942d1889dd2a451
SHA256 e17cd94c08fc0e001a49f43a0801cea4625fb9aee211b6dfebebec446c21f460
SHA512 cdf8f508d396a1a0d2e0fc25f2ae46398b25039a0dafa0919737cc44e3e926ebae4c3aa26f1a3441511430f1a36241f8e61c515a5d9bd98ad4740d4d0f7b8db7

C:\MSOCache\ALLUSE~1\{9A861~1\ose.exe

MD5 58b58875a50a0d8b5e7be7d6ac685164
SHA1 1e0b89c1b2585c76e758e9141b846ed4477b0662
SHA256 2a0aa0763fdef9c38c5dd4d50703f0c7e27f4903c139804ec75e55f8388139ae
SHA512 d67214077162a105d01b11a8e207fab08b45b08fbfba0615a2ea146e1dd99eea35e4f02958a1754d3192292c00caf777f186f0a362e4b8b0da51fabbdb76375b

memory/2820-31-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2644-32-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Windows\directx.sys

MD5 d6392e4aa462bf36bd0756fc03014718
SHA1 4a5914ecf5713780c372bd421b46bc1b92c4ba2d
SHA256 3e3c8ca31e349decd2fc2998fc49049c32ab8b1058827780e3b9167b040fd1e7
SHA512 3a7f1bb6c85404368c9095e08774eaf0e31fb4fbede197728ab7f0357d4cffbb8333cffee5e1612e4c3ff5b8b7171fe53ca301f1d83ed3c5114f7b1b45937249

memory/2952-47-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2852-46-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2676-62-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2540-61-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2616-77-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3056-76-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2892-93-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3012-91-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2160-106-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2452-107-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1820-122-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1672-121-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2740-139-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2864-138-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2100-157-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2096-156-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2456-166-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2500-167-0x0000000000400000-0x000000000041B000-memory.dmp

memory/812-181-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1640-182-0x0000000000400000-0x000000000041B000-memory.dmp

memory/292-197-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1364-198-0x0000000000400000-0x000000000041B000-memory.dmp

memory/948-214-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2292-215-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2960-228-0x0000000000400000-0x000000000041B000-memory.dmp

memory/908-227-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2308-239-0x0000000000400000-0x000000000041B000-memory.dmp

memory/772-238-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2460-255-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2440-256-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2248-276-0x0000000076EC0000-0x0000000076FBA000-memory.dmp

memory/2248-275-0x0000000076DA0000-0x0000000076EBF000-memory.dmp

memory/2248-274-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1736-273-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2648-286-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2536-285-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2664-294-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2712-301-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2556-302-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2676-317-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2756-318-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2900-327-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1732-328-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1652-336-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2420-335-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1624-343-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3028-344-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1796-351-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1876-352-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2592-360-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1684-359-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2888-367-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1272-368-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2904-376-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1532-375-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1516-383-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2020-384-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2116-391-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2068-392-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2028-400-0x0000000000400000-0x000000000041B000-memory.dmp

memory/536-399-0x0000000000400000-0x000000000041B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 05:24

Reported

2024-05-26 05:27

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Neshta

persistence spyware neshta

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
N/A N/A C:\Windows\svchost.com N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF5AF~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmplayer.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wab.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13185~1.29\MICROS~3.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\Download\{F3C4F~1\13185~1.29\MICROS~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wab.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13185~1.29\MICROS~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13185~1.29\MIA062~1.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wabmig.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13185~1.29\MICROS~2.EXE C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF5AF~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2728 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe
PID 2728 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe
PID 2728 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe
PID 4000 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Windows\svchost.com
PID 4000 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Windows\svchost.com
PID 4000 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe C:\Windows\svchost.com
PID 4652 wrote to memory of 4556 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 4652 wrote to memory of 4556 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 4652 wrote to memory of 4556 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 4556 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 4556 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 4556 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 3716 wrote to memory of 708 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 3716 wrote to memory of 708 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 3716 wrote to memory of 708 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 708 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 708 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 708 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2004 wrote to memory of 4920 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2004 wrote to memory of 4920 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2004 wrote to memory of 4920 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 4920 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 4920 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 4920 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 1552 wrote to memory of 3896 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1552 wrote to memory of 3896 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1552 wrote to memory of 3896 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 3896 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 3896 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 3896 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 1088 wrote to memory of 64 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1088 wrote to memory of 64 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1088 wrote to memory of 64 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 64 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 64 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 64 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 3612 wrote to memory of 2944 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 3612 wrote to memory of 2944 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 3612 wrote to memory of 2944 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2944 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2944 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 2944 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 1544 wrote to memory of 1592 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1544 wrote to memory of 1592 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1544 wrote to memory of 1592 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1592 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 1592 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 1592 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 5048 wrote to memory of 5028 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 5048 wrote to memory of 5028 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 5048 wrote to memory of 5028 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 5028 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 5028 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 5028 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com
PID 3756 wrote to memory of 1548 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 3756 wrote to memory of 1548 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 3756 wrote to memory of 1548 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1548 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1548 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 1548 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 5008 wrote to memory of 2748 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 5008 wrote to memory of 2748 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 5008 wrote to memory of 2748 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE
PID 2748 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Windows\System32\sihclient.exe

C:\Windows\System32\sihclient.exe /cv 6YQ7WF8HZUasDivsaGZ+nA.0.2

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\706C52~1.EXE

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\3582-490\706c5252bf8980ccd2025769d5b5e9d0_NeikiAnalytics.exe

MD5 65b55eebb2829cec1129f85211b24291
SHA1 f34273805c9da5dd90b820e738ad58524194d46f
SHA256 f9f4555c80d4ca9086c861bfdf589dc8545089b0036e52fd338f162ccc83a7ca
SHA512 45acd843a570122f8ee3bcd254cfc0ac2d6a82a6273281089d13b61d1c7b393aec292c8dd802ab5db78c9172ae7a5d59b66b27f302747480e337e61a2515bd1d

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

memory/4652-16-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4556-20-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Windows\directx.sys

MD5 d6392e4aa462bf36bd0756fc03014718
SHA1 4a5914ecf5713780c372bd421b46bc1b92c4ba2d
SHA256 3e3c8ca31e349decd2fc2998fc49049c32ab8b1058827780e3b9167b040fd1e7
SHA512 3a7f1bb6c85404368c9095e08774eaf0e31fb4fbede197728ab7f0357d4cffbb8333cffee5e1612e4c3ff5b8b7171fe53ca301f1d83ed3c5114f7b1b45937249

memory/3716-28-0x0000000000400000-0x000000000041B000-memory.dmp

memory/708-32-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2004-40-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4920-44-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1552-52-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3896-56-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1088-64-0x0000000000400000-0x000000000041B000-memory.dmp

memory/64-68-0x0000000000400000-0x000000000041B000-memory.dmp

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE

MD5 a344438de9e499ca3d9038688440f406
SHA1 c961917349de7e9d269f6f4a5593b6b9d3fcd4d2
SHA256 715f6420c423ae4068b25a703d5575f7c147b26e388f0fff1ae20c6abe821557
SHA512 8bf3c621725fddafa6326b057fee9beee95966e43c5fbab40ebaa4a1a64d17acca97a19d0ece10c3574e13e194ff191316871d1d46d4d74ffc0ac3efb403bca9

C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe

MD5 322302633e36360a24252f6291cdfc91
SHA1 238ed62353776c646957efefc0174c545c2afa3d
SHA256 31da9632f5d25806b77b617d48da52a14afc574bbe1653120f97705284ea566c
SHA512 5a1f7c44ce7f5036bffc18ebac39e2bf70e6f35fa252617d665b26448f4c4473adfa115467b7e2d9b7068823e448f74410cdcdfef1ac1c09021e051921787373

C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe

MD5 8ffc3bdf4a1903d9e28b99d1643fc9c7
SHA1 919ba8594db0ae245a8abd80f9f3698826fc6fe5
SHA256 8268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6
SHA512 0b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427

C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe

MD5 cce8964848413b49f18a44da9cb0a79b
SHA1 0b7452100d400acebb1c1887542f322a92cbd7ae
SHA256 fe44ca8d5050932851aa54c23133277e66db939501af58e5aeb7b67ec1dde7b5
SHA512 bf8fc270229d46a083ced30da6637f3ca510b0ce44624a9b21ec6aacac81666dffd41855053a936aa9e8ea6e745a09b820b506ec7bf1173b6f1837828a35103d

memory/3612-97-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2944-107-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1544-109-0x0000000000400000-0x000000000041B000-memory.dmp

C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe

MD5 15f4411f1b14234b5bed948ed78fa86e
SHA1 f9775a3d87efb22702d934322ffcda3511b79c17
SHA256 cd6c08078343089d299a30f7bf16555ab349e946892dca1c49c6c0336d27ff0e
SHA512 c44d2e96d6d0264075379066fd5d11ba30a675bb6f6b6279c4ac0d12066975c30c33b69b52457cbed4e35852e8b15b3daad9274d6f957ae0681fb7a6c48a33cb

memory/1592-144-0x0000000000400000-0x000000000041B000-memory.dmp

C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE

MD5 5da33a7b7941c4e76208ee7cddec8e0b
SHA1 cdd2e7b9b0e4be68417d4618e20a8283887c489c
SHA256 531e735e4e8940dfe21e30be0d4179ceaecb57ce431cf63c5044e07048ac1751
SHA512 977aeecfbc693c9d5746fedf08b99e0b0f6fd7b0c7b41ac2b34a832e68a2e6f3c68f38af2e65c87075fcf00c1c6103e34324df45d7da9412cbbeea7e410794b6

C:\PROGRA~2\Google\Update\DISABL~1.EXE

MD5 3b0e91f9bb6c1f38f7b058c91300e582
SHA1 6e2e650941b1a96bb0bb19ff26a5d304bb09df5f
SHA256 57c993cadf4bf84810cea23a7112c6e260624beaab48d0e4332d3462900fec1d
SHA512 a4fbe28a0135f4632e0a5b6bd775f8d010250b0fbfe223db1fe81d18552a6bc166ebce807853ba02e6a476e9829454805e415ca828a5e043bd1e63dc53599d0f

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE

MD5 5c78384d8eb1f6cb8cb23d515cfe7c98
SHA1 b732ab6c3fbf2ded8a4d6c8962554d119f59082e
SHA256 9abd7f0aa942ee6b263cdc4b32a4110ddb95e43ad411190f0ea48c0064884564
SHA512 99324af5f8fb70a9d01f97d845a4c6999053d6567ba5b80830a843a1634b02eaf3c0c04ced924cf1b1be9b4d1dbbcb95538385f7f85ad84d3eaaa6dcdebcc8a6

memory/5048-199-0x0000000000400000-0x000000000041B000-memory.dmp

memory/5028-207-0x0000000000400000-0x000000000041B000-memory.dmp

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe

MD5 5119e350591269f44f732b470024bb7c
SHA1 4ccd48e4c6ba6e162d1520760ee3063e93e2c014
SHA256 2b3aa9642b291932ba7f9f3d85221402a9d27078f56ef0e9c6bca633616e3873
SHA512 599b4ec673169d42a348d1117737b4ad4d7539574153df5a5c7689130c9ac5ff5cd00f3c8ec39adf32ff2b56be074081efcabb6456272c649703c3ea6cdaded4

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE

MD5 27543bab17420af611ccc3029db9465a
SHA1 f0f96fd53f9695737a3fa6145bc5a6ce58227966
SHA256 75530dc732f35cc796d19edd11ae6d6f6ef6499ddcf2e57307582b1c5299554c
SHA512 a62c2dd60e1df309ec1bb48ea85184914962ba83766f29d878569549ca20fca68f304f4494702d9e5f09adedc2166e48ee0bc1f4a5d9e245c5490daf15036bea

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE

MD5 11486d1d22eaacf01580e3e650f1da3f
SHA1 a47a721efec08ade8456a6918c3de413a2f8c7a2
SHA256 5e1b1daa9968ca19a58714617b7e691b6b6f34bfacaf0dcf4792c48888b1a5d3
SHA512 5bd54e1c1308e04a769e089ab37bd9236ab97343b486b85a018f2c8ad060503c97e8bc51f911a63f9b96dd734eb7d21e0a5c447951246d972b05fafeef4633da

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE

MD5 a5d9eaa7d52bffc494a5f58203c6c1b5
SHA1 97928ba7b61b46a1a77a38445679d040ffca7cc8
SHA256 34b8662d38e7d3d6394fa6c965d943d2c82ea06ba9d7a0af4f8e0571fb5a9c48
SHA512 b6fdc8389bb4d736d608600469be6a4b0452aa3ea082f9a0791022a14c02b8fb7dcd62df133b0518e91283094eaba2be9318316f72d2c4aae6286d3e8686e787

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE

MD5 eb008f1890fed6dc7d13a25ff9c35724
SHA1 751d3b944f160b1f77c1c8852af25b65ae9d649c
SHA256 a9b7b9155af49d651b092bb1665447059f7a1d0061f88fa320d4f956b9723090
SHA512 9cfe3480f24bf8970ad5773cb9df51d132ee90ada35cbf8ec1222e09a60ae46b2ff4b96862fea19085b1c32f93c47c69f604589fa3f4af17e5d67bef893b6bf1

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe

MD5 6ce350ad38c8f7cbe5dd8fda30d11fa1
SHA1 4f232b8cccd031c25378b4770f85e8038e8655d8
SHA256 06a3bb0bdd2da870bc8dc2c6b760855cea7821273ce59fc0be158149e52915ba
SHA512 4c18a112fec391f443a4ae217ac6d1850e0cfdad4b2d2cbe3f61cb01c0a1400ea6bd5c3ffe0a9978ead50e7f6cfab96ae5090bb9a611f988f1a86ccaa5d4cd4f

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE

MD5 301d7f5daa3b48c83df5f6b35de99982
SHA1 17e68d91f3ec1eabde1451351cc690a1978d2cd4
SHA256 abe398284d90be5e5e78f98654b88664e2e14478f7eb3f55c5fd1c1bcf1bebee
SHA512 4a72a24dec461d116fe8324c651913273ccaa50cb036ccdacb3ae300e417cf4a64aa458869b8d2f3b4c298c59977437d11b241d08b391a481c3226954bba22e4

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE

MD5 41b1e87b538616c6020369134cbce857
SHA1 a255c7fef7ba2fc1a7c45d992270d5af023c5f67
SHA256 08465cc139ee50a7497f8c842f74730d3a8f1a73c0b7caca95e9e6d37d3beed3
SHA512 3a354d3577b45f6736203d5a35a2d1d543da2d1e268cefeffe6bdb723ff63c720ceb2838701144f5fec611470d77649846e0fb4770d6439f321f6b819f03e4db

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE

MD5 5e08d87c074f0f8e3a8e8c76c5bf92ee
SHA1 f52a554a5029fb4749842b2213d4196c95d48561
SHA256 5d548c2cc25d542f2061ed9c8e38bd5ca72bddb37dd17654346cae8a19645714
SHA512 dd98d6fa7d943604914b2e3b27e1f21a95f1fe1feb942dd6956e864da658f4fbd9d1d0cf775e79ceaae6a025aafd4e633763389c37034134bd5245969bec383e

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE

MD5 7c73e01bd682dc67ef2fbb679be99866
SHA1 ad3834bd9f95f8bf64eb5be0a610427940407117
SHA256 da333c92fdfd2e8092f5b56686b94f713f8fa27ef8f333e7222259ad1eb08f5d
SHA512 b2f3398e486cde482cb6bea18f4e5312fa2db7382ca25cea17bcba5ab1ff0e891d59328bc567641a9da05caca4d7c61dc102289d46e7135f947ce6155e295711

C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE

MD5 f7c714dbf8e08ca2ed1a2bfb8ca97668
SHA1 cc78bf232157f98b68b8d81327f9f826dabb18ab
SHA256 fc379fda348644fef660a3796861c122aa2dd5498e80279d1279a7ddb259e899
SHA512 28bc04c4df3f632865e68e83d045b3ecd2a263e62853c922b260d0734026e8a1541988fcbf4ddc9cf3aba6863214d6c6eb51f8bbb2586122a7cb01a70f08d16c

C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE

MD5 25e165d6a9c6c0c77ee1f94c9e58754b
SHA1 9b614c1280c75d058508bba2a468f376444b10c1
SHA256 8bbe59987228dd9ab297f9ea34143ea1e926bfb19f3d81c2904ab877f31e1217
SHA512 7d55c7d86ccabb6e9769ebca44764f4d89e221d5756e5c5d211e52c271e3ce222df90bc9938248e2e210d6695f30f6280d929d19ef41c09d3ea31688ae24d4bf

C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE

MD5 e5589ec1e4edb74cc7facdaac2acabfd
SHA1 9b12220318e848ed87bb7604d6f6f5df5dbc6b3f
SHA256 6ce92587a138ec07dac387a294d0bbe8ab629599d1a2868d2afaccea3b245d67
SHA512 f36ab33894681f51b9cec7ea5a738eb081a56bcd7625bdd2f5ef2c084e4beb7378be8f292af3aeae79d9317ba57cc41df89f00aef52e58987bdb2eac3f48171a

C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE

MD5 96a14f39834c93363eebf40ae941242c
SHA1 5a3a676403d4e6ad0a51d0f0e2bbdd636ae5d6fc
SHA256 8ee4aa23eb92c4aba9a46b18ac249a5fa11c5abb7e2c1ca82cd5196401db790a
SHA512 fbf307a8053e9478a52cfdf8e8bad3d7c6664c893458786ae6ee4fffc6fe93006e99a2a60c97fb62dad1addd5247621517f4edee5d9545717c4587a272cef9a2

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe

MD5 de69c005b0bbb513e946389227183eeb
SHA1 2a64efdcdc71654356f77a5b77da8b840dcc6674
SHA256 ad7b167ab599b6dad7e7f0ad47368643d91885253f95fadf0fadd1f8eb6ee9c7
SHA512 6ca8cec0cf20ee9b8dfe263e48f211b6f1e19e3b4fc0f6e89807f39d3f4e862f0139eb5b35e3133ef60555589ad54406fb11d95845568a5538602f287863b7d7

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe

MD5 6f87ccb8ab73b21c9b8288b812de8efa
SHA1 a709254f843a4cb50eec3bb0a4170ad3e74ea9b3
SHA256 14e7a1f2f930380903ae3c912b4a70fd0a59916315c46874805020fe41215c22
SHA512 619b45b9728880691a88fbfc396c9d34b41d5e349e04d2eb2d18c535fffc079395835af2af7ca69319954a98852d2f9b7891eff91864d63bf25759c156e192ee

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe

MD5 0511abca39ed6d36fff86a8b6f2266cd
SHA1 bfe55ac898d7a570ec535328b6283a1cdfa33b00
SHA256 76ae68fc7c6c552c4a98c5df640cd96cf27b62e7e1536b7f7d08eff56fcde8b8
SHA512 6608412e3ed0057f387bafcddcb07bfe7da4f207c7300c460e5acc4bd234cec3362191800789eb465eb120ec069e3ed49eabb6bd7db30d9e9245a89bb20e4346

C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE

MD5 cbd96ba6abe7564cb5980502eec0b5f6
SHA1 74e1fe1429cec3e91f55364e5cb8385a64bb0006
SHA256 405b8bd647fa703e233b8b609a18999abe465a8458168f1daf23197bd2ea36aa
SHA512 a551001853f6b93dfbc6cf6a681820af31330a19d5411076ff3dbce90937b3d92173085a15f29ebf56f2ef12a4e86860ac6723ebc89c98ea31ea7a6c7e3d7cdc

C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe

MD5 e7a27a45efa530c657f58fda9f3b9f4a
SHA1 6c0d29a8b75574e904ab1c39fc76b39ca8f8e461
SHA256 d6f11401f57293922fb36cd7542ae811ab567a512449e566f83ce0dcef5ff8e5
SHA512 0c37b41f3c075cd89a764d81f751c3a704a19240ad8e4ebab591f399b9b168b920575749e9d24c2a8f0400b9f340ab9fea4db76ff7060d8af00e2b36ac0c4a54

C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe

MD5 e316c67c785d3e39e90341b0bbaac705
SHA1 7ffd89492438a97ad848068cfdaab30c66afca35
SHA256 4fc8b9433b45c2607cbdf3d1c042c3918b854c9db3ade13b5bb2761d28f1c478
SHA512 25ec433c10adc69305de97107463be74d7b4768acca27886498485e8bc2c8b099994e6c1c6c09a7e603816203d6b18e509fb79f24992915eb802f59bcb790090

memory/3756-212-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1548-228-0x0000000000400000-0x000000000041B000-memory.dmp

memory/5008-236-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2748-243-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3548-248-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3352-255-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4556-256-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4324-263-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4744-264-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2712-271-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1132-272-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2920-274-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4044-280-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2928-282-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1088-288-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2168-290-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2288-296-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4836-303-0x0000000000400000-0x000000000041B000-memory.dmp

memory/344-304-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4988-306-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1544-312-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4820-314-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1948-320-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2700-322-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1360-328-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1884-330-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2232-336-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4228-343-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1048-344-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4896-351-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4940-352-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2768-359-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3808-360-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2784-367-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4440-368-0x0000000000400000-0x000000000041B000-memory.dmp

memory/5008-370-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3064-376-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2676-383-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2608-384-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3352-386-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2068-392-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1984-394-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2004-400-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4156-402-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2920-408-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2016-410-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3028-416-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1904-418-0x0000000000400000-0x000000000041B000-memory.dmp