Analysis Overview
SHA256
edd1776d51dc7b82153c41c5870afe1508dedbdd03994274d9d4f2deeef8fe8a
Threat Level: Known bad
The file 240613-mhrwhsyfjr_pw_infected.zip was found to be: Known bad.
Malicious Activity Summary
Neshta family
Neshta
Detect Neshta payload
Downloads MZ/PE file
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
UPX packed file
Modifies system executable filetype association
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
Runs regedit.exe
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-16 11:06
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Neshta family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 11:06
Reported
2024-06-16 11:13
Platform
win10v2004-20240611-en
Max time kernel
304s
Max time network
305s
Command Line
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Neshta
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\747dd5a520297697c280a00436847460_NeikiAnalytics.exe | N/A |
Executes dropped EXE
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\747dd5a520297697c280a00436847460_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "\"%1\" %*" | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "\"%1\" %*" | C:\Users\Admin\Downloads\avg_remover_neshta.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\747dd5a520297697c280a00436847460_NeikiAnalytics.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "\"%1\" %*" | C:\Users\Admin\Downloads\avg_remover_neshta.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\avg_remover_neshta.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\747dd5a520297697c280a00436847460_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\747dd5a520297697c280a00436847460_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\747dd5a520297697c280a00436847460_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\747dd5a520297697c280a00436847460_NeikiAnalytics.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv RW2EdmNBTUKA9VjDlWBFmA.0.1
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\747DD5~1.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.0.35012451\1195058717" -parentBuildID 20230214051806 -prefsHandle 1764 -prefMapHandle 1744 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68fc8b14-2bf2-4a98-8364-b1a0b604ad04} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1844 29b9cb10458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.1.2019930827\461890173" -parentBuildID 20230214051806 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6ba9703-0c7d-4933-a3db-4203db6c77bb} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 2416 29b8fd89958 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.2.1417840329\1882701219" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2912 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3edbf88b-d948-4521-b42e-7d3512cfdcc7} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 3004 29b9f4e9b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.3.1574366063\1314853846" -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {764a510c-792f-4c5d-8551-b373359bb169} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 3632 29ba17de658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.4.1257548633\647025573" -childID 3 -isForBrowser -prefsHandle 5076 -prefMapHandle 5072 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09d3a6b6-49ea-43e4-89a1-5703df452520} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 5084 29ba3746558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.5.1496216350\975320749" -childID 4 -isForBrowser -prefsHandle 5308 -prefMapHandle 5304 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58e7738f-b11a-4251-af67-6df6950d35c8} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 5228 29ba3f2ae58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.6.943194940\752507879" -childID 5 -isForBrowser -prefsHandle 5500 -prefMapHandle 5496 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cc6a3f1-e8aa-4dcd-b6b1-bd0580187d28} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 5420 29ba3f2c058 tab
C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.7.1095098662\694789737" -childID 6 -isForBrowser -prefsHandle 4668 -prefMapHandle 4664 -prefsLen 28098 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ca85d2d-77c1-420b-9620-2fec8728f7de} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1092 29ba2343d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.8.376499415\1222316655" -childID 7 -isForBrowser -prefsHandle 5744 -prefMapHandle 5756 -prefsLen 28098 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {763193cb-8837-446c-9739-95b7134407d1} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 6016 29ba50b7558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.9.2047876756\1153517926" -childID 8 -isForBrowser -prefsHandle 9852 -prefMapHandle 9856 -prefsLen 28098 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1a1f1e8-0534-47a0-8212-10fd4f828451} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 9844 29ba53c7658 tab
C:\Users\Admin\Downloads\avg_remover_neshta.exe
"C:\Users\Admin\Downloads\avg_remover_neshta.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://free.avg.com/download-file-stb-free-freets3
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe" --single-argument http://free.avg.com/download-file-stb-free-freets3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://free.avg.com/download-file-stb-free-freets3
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe" --single-argument http://free.avg.com/download-file-stb-free-freets3
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe --single-argument http://free.avg.com/download-file-stb-free-freets3
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:54553 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 44.232.194.163:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 163.194.232.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.5.120.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:54559 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.185.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 68.185.250.142.in-addr.arpa | udp |
| DE | 142.250.185.68:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.avg.com | udp |
| BE | 104.68.90.189:443 | www.avg.com | tcp |
| US | 8.8.8.8:53 | e13947.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e13947.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | static2.avg.com | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| US | 23.53.113.19:443 | assets.adobedtm.com | tcp |
| US | 8.8.8.8:53 | e7808.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | e7808.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | 189.90.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.113.53.23.in-addr.arpa | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | www.nortonlifelock.com | udp |
| IE | 52.214.77.117:443 | dpm.demdex.net | tcp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| BE | 104.90.25.237:443 | www.nortonlifelock.com | tcp |
| US | 8.8.8.8:53 | e4117.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | e4117.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| BE | 104.90.24.133:443 | s.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | e4518.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4518.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | zn8ksx2qgjavxayw6-gendigital.siteintercept.qualtrics.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | mstatic.avg.com | udp |
| US | 104.17.208.240:443 | zn8ksx2qgjavxayw6-gendigital.siteintercept.qualtrics.com | tcp |
| US | 8.8.8.8:53 | prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| NL | 20.50.2.58:443 | mstatic.avg.com | tcp |
| US | 8.8.8.8:53 | prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | symantec.demdex.net | udp |
| US | 8.8.8.8:53 | cm.everesttech.net | udp |
| US | 8.8.8.8:53 | oms.avg.com | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | mstatic.avg.com | udp |
| IE | 34.251.71.27:443 | symantec.demdex.net | tcp |
| IE | 66.235.152.221:443 | oms.avg.com | tcp |
| US | 8.8.8.8:53 | no3nhf087c.data.adobedc.net | udp |
| US | 8.8.8.8:53 | siteintercept.qualtrics.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| BE | 104.90.24.133:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | cm.everesttech.net.akadns.net | udp |
| US | 8.8.8.8:53 | no3nhf087c.data.adobedc.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 104.17.208.240:443 | siteintercept.qualtrics.com | tcp |
| US | 8.8.8.8:53 | cm.everesttech.net.akadns.net | udp |
| US | 8.8.8.8:53 | e4518.dscapi7.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4518.dscapi7.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.77.214.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.208.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.2.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.71.251.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.24.90.104.in-addr.arpa | udp |
| BE | 104.90.24.133:443 | e4518.dscapi7.akamaiedge.net | udp |
| GB | 13.224.245.87:443 | static-cdn.hotjar.com | tcp |
| IE | 34.249.24.243:443 | cm.everesttech.net.akadns.net | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| GB | 18.245.253.48:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| DE | 142.250.186.162:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | vc.hotjar.io | udp |
| DE | 142.250.186.162:443 | googleads.g.doubleclick.net | udp |
| GB | 99.84.9.16:443 | vc.hotjar.io | tcp |
| US | 8.8.8.8:53 | vc-live-cf.hotjar.io | udp |
| US | 8.8.8.8:53 | 0217991b.akstat.io | udp |
| US | 8.8.8.8:53 | vc-live-cf.hotjar.io | udp |
| BE | 104.90.24.133:443 | 0217991b.akstat.io | tcp |
| BE | 104.90.24.133:443 | 0217991b.akstat.io | udp |
| US | 8.8.8.8:53 | 87.245.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.24.249.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.253.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.9.84.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | www.upsellit.com | udp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 13.107.21.237:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 34.117.39.58:443 | www.upsellit.com | tcp |
| US | 8.8.8.8:53 | www.upsellit.com | udp |
| US | 172.64.155.119:443 | privacyportal-de.onetrust.com | tcp |
| US | 172.64.155.119:443 | privacyportal-de.onetrust.com | tcp |
| US | 8.8.8.8:53 | analytics.ff.avast.com | udp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 8.8.8.8:53 | www.upsellit.com | udp |
| US | 34.117.223.223:443 | analytics.ff.avast.com | tcp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 8.8.8.8:53 | analytics-prod-gcp.ff.avast.com | udp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 8.8.8.8:53 | analytics-prod-gcp.ff.avast.com | udp |
| US | 34.117.39.58:443 | www.upsellit.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 34.117.223.223:443 | analytics-prod-gcp.ff.avast.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.39.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.223.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | tcp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | tcp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | metrics.hotjar.io | udp |
| US | 8.8.8.8:53 | pacman-metrics-live.live.eks.hotjar.com | udp |
| IE | 54.246.156.144:443 | pacman-metrics-live.live.eks.hotjar.com | tcp |
| US | 8.8.8.8:53 | pacman-metrics-live.live.eks.hotjar.com | udp |
| US | 8.8.8.8:53 | 156.15.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.156.246.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.avg.com | udp |
| NL | 104.97.14.88:443 | download.avg.com | tcp |
| US | 8.8.8.8:53 | a56.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | a56.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | files-download.avg.com | udp |
| GB | 2.22.133.253:443 | files-download.avg.com | tcp |
| US | 8.8.8.8:53 | e13947.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e13947.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 88.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.133.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.116.69.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\3582-490\747dd5a520297697c280a00436847460_NeikiAnalytics.exe
| MD5 | 1df5bef57c72b8d23f5263046e5dd043 |
| SHA1 | 68e859eca519f8f5cc1c9ceb3dfaaac87e17b544 |
| SHA256 | 43bb08a4762778843eca24c57d61f854a3c4a21f4da9f6bb15a34764a07596f3 |
| SHA512 | 4bee5ae57f39b842c481280ac98c75106ed41aa34b783c2967a705511268fe2a4a2a489386c9b5bd2d291454989b9d7f7d644ef36300ca9feada4f016c592332 |
C:\Windows\svchost.com
| MD5 | 223dd32576ace5da898257671c5cdf36 |
| SHA1 | 87474af22e6a24ef24de43d2e798c87bd986514c |
| SHA256 | 8d4dbd3013a493f904e0863bb55d910bbb640ef3bdc6fcbaf3c78e95fbdd5254 |
| SHA512 | aaef06b777e4b015af8843b2955af6fbc4c6c7a0630729737a76464d9a443cf673b5b583ae7cf2ea2333f81bd083cf104bb4da9add41a5da48bc4eb1bf0dbdc7 |
memory/924-16-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | 5ac1fd5515366b3ff2073ec90f52d9a2 |
| SHA1 | b5e7a378b2d0c9084d492031515f961cc1da3ed7 |
| SHA256 | 2a8028d5bc2b012f2339457aa33c11232fac465b5e78115eee2675c5a172b437 |
| SHA512 | df68050295166523a52ff35224e77bc74b1f9a5c5c3a462b19cade714c4b64c68b957570a0d679f550d415f8a5abd16f175ec4275a950e2d89186582a00f0244 |
memory/1708-26-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2832-28-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1032-32-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2104-40-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3688-44-0x0000000000400000-0x000000000041B000-memory.dmp
memory/464-52-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1620-56-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2676-64-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2732-74-0x0000000000400000-0x000000000041B000-memory.dmp
memory/396-76-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3396-80-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4980-92-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe
| MD5 | 8ffc3bdf4a1903d9e28b99d1643fc9c7 |
| SHA1 | 919ba8594db0ae245a8abd80f9f3698826fc6fe5 |
| SHA256 | 8268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6 |
| SHA512 | 0b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427 |
memory/3976-119-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE
| MD5 | 12c29dd57aa69f45ddd2e47620e0a8d9 |
| SHA1 | ba297aa3fe237ca916257bc46370b360a2db2223 |
| SHA256 | 22a585c183e27b3c732028ff193733c2f9d03700a0e95e65c556b0592c43d880 |
| SHA512 | 255176cd1a88dfa2af3838769cc20dc7ad9d969344801f07b9ebb372c12cee3f47f2dba3559f391deab10650875cad245d9724acfa23a42b336bfa96559a5488 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE
| MD5 | 92dc0a5b61c98ac6ca3c9e09711e0a5d |
| SHA1 | f809f50cfdfbc469561bced921d0bad343a0d7b4 |
| SHA256 | 3e9da97a7106122245e77f13f3f3cc96c055d732ab841eb848d03ac25401c1bc |
| SHA512 | d9eefb19f82e0786d9be0dbe5e339d25473fb3a09682f40c6d190d4c320cca5556abb72b5d97c6b0da4f8faefdc6d39ac9d0415fdf94ebcc90ecdf2e513c6a31 |
memory/2696-120-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2692-124-0x0000000000400000-0x000000000041B000-memory.dmp
memory/892-132-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1372-143-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe
| MD5 | 8e42f3a4a399d84e67ed633ba23863cb |
| SHA1 | 02ebfa5274214dcc48acfd24b8da3fb5cb93f6c6 |
| SHA256 | 42716ea8beca9e555cef3b78a2fbf836c9da034318d625262810290309d955db |
| SHA512 | 0f6af721a89c2cf7249ecb1cc0a263c6252f8762b7381b35ccff6347d7d069799d2f0561bec0a651d690fbf29c98050bf15b604d3cca668b7437503ba102492f |
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe
| MD5 | e7a27a45efa530c657f58fda9f3b9f4a |
| SHA1 | 6c0d29a8b75574e904ab1c39fc76b39ca8f8e461 |
| SHA256 | d6f11401f57293922fb36cd7542ae811ab567a512449e566f83ce0dcef5ff8e5 |
| SHA512 | 0c37b41f3c075cd89a764d81f751c3a704a19240ad8e4ebab591f399b9b168b920575749e9d24c2a8f0400b9f340ab9fea4db76ff7060d8af00e2b36ac0c4a54 |
memory/3700-156-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\java.exe
| MD5 | 0511abca39ed6d36fff86a8b6f2266cd |
| SHA1 | bfe55ac898d7a570ec535328b6283a1cdfa33b00 |
| SHA256 | 76ae68fc7c6c552c4a98c5df640cd96cf27b62e7e1536b7f7d08eff56fcde8b8 |
| SHA512 | 6608412e3ed0057f387bafcddcb07bfe7da4f207c7300c460e5acc4bd234cec3362191800789eb465eb120ec069e3ed49eabb6bd7db30d9e9245a89bb20e4346 |
C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE
| MD5 | e5589ec1e4edb74cc7facdaac2acabfd |
| SHA1 | 9b12220318e848ed87bb7604d6f6f5df5dbc6b3f |
| SHA256 | 6ce92587a138ec07dac387a294d0bbe8ab629599d1a2868d2afaccea3b245d67 |
| SHA512 | f36ab33894681f51b9cec7ea5a738eb081a56bcd7625bdd2f5ef2c084e4beb7378be8f292af3aeae79d9317ba57cc41df89f00aef52e58987bdb2eac3f48171a |
C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE
| MD5 | f7c714dbf8e08ca2ed1a2bfb8ca97668 |
| SHA1 | cc78bf232157f98b68b8d81327f9f826dabb18ab |
| SHA256 | fc379fda348644fef660a3796861c122aa2dd5498e80279d1279a7ddb259e899 |
| SHA512 | 28bc04c4df3f632865e68e83d045b3ecd2a263e62853c922b260d0734026e8a1541988fcbf4ddc9cf3aba6863214d6c6eb51f8bbb2586122a7cb01a70f08d16c |
C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE
| MD5 | 96a14f39834c93363eebf40ae941242c |
| SHA1 | 5a3a676403d4e6ad0a51d0f0e2bbdd636ae5d6fc |
| SHA256 | 8ee4aa23eb92c4aba9a46b18ac249a5fa11c5abb7e2c1ca82cd5196401db790a |
| SHA512 | fbf307a8053e9478a52cfdf8e8bad3d7c6664c893458786ae6ee4fffc6fe93006e99a2a60c97fb62dad1addd5247621517f4edee5d9545717c4587a272cef9a2 |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE
| MD5 | 301d7f5daa3b48c83df5f6b35de99982 |
| SHA1 | 17e68d91f3ec1eabde1451351cc690a1978d2cd4 |
| SHA256 | abe398284d90be5e5e78f98654b88664e2e14478f7eb3f55c5fd1c1bcf1bebee |
| SHA512 | 4a72a24dec461d116fe8324c651913273ccaa50cb036ccdacb3ae300e417cf4a64aa458869b8d2f3b4c298c59977437d11b241d08b391a481c3226954bba22e4 |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE
| MD5 | 5e08d87c074f0f8e3a8e8c76c5bf92ee |
| SHA1 | f52a554a5029fb4749842b2213d4196c95d48561 |
| SHA256 | 5d548c2cc25d542f2061ed9c8e38bd5ca72bddb37dd17654346cae8a19645714 |
| SHA512 | dd98d6fa7d943604914b2e3b27e1f21a95f1fe1feb942dd6956e864da658f4fbd9d1d0cf775e79ceaae6a025aafd4e633763389c37034134bd5245969bec383e |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe
| MD5 | 5119e350591269f44f732b470024bb7c |
| SHA1 | 4ccd48e4c6ba6e162d1520760ee3063e93e2c014 |
| SHA256 | 2b3aa9642b291932ba7f9f3d85221402a9d27078f56ef0e9c6bca633616e3873 |
| SHA512 | 599b4ec673169d42a348d1117737b4ad4d7539574153df5a5c7689130c9ac5ff5cd00f3c8ec39adf32ff2b56be074081efcabb6456272c649703c3ea6cdaded4 |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE
| MD5 | 7c73e01bd682dc67ef2fbb679be99866 |
| SHA1 | ad3834bd9f95f8bf64eb5be0a610427940407117 |
| SHA256 | da333c92fdfd2e8092f5b56686b94f713f8fa27ef8f333e7222259ad1eb08f5d |
| SHA512 | b2f3398e486cde482cb6bea18f4e5312fa2db7382ca25cea17bcba5ab1ff0e891d59328bc567641a9da05caca4d7c61dc102289d46e7135f947ce6155e295711 |
C:\PROGRA~2\MICROS~1\EdgeCore\125025~1.92\MSEDGE~3.EXE
| MD5 | 14c76fcbecbac25811d3e3af4a1d9535 |
| SHA1 | 4a65c0e22f4b4c9419f3cc4a961281eab6ba24de |
| SHA256 | e7ce3131d752da7061f691032510e3d054386865744d4149c2f672d682ac295d |
| SHA512 | a95a3bb03bc46f1362bac78bed0b9df05395917b5d6cde48f184b2a11b69f0a183d3e36e016ce647398ce79e008b75bc5776211d4b1eb1ee0554c5fd3b58d3a4 |
C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE
| MD5 | 3b0e91f9bb6c1f38f7b058c91300e582 |
| SHA1 | 6e2e650941b1a96bb0bb19ff26a5d304bb09df5f |
| SHA256 | 57c993cadf4bf84810cea23a7112c6e260624beaab48d0e4332d3462900fec1d |
| SHA512 | a4fbe28a0135f4632e0a5b6bd775f8d010250b0fbfe223db1fe81d18552a6bc166ebce807853ba02e6a476e9829454805e415ca828a5e043bd1e63dc53599d0f |
C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\BHO\ie_to_edge_stub.exe
| MD5 | 6f8451ebd872f0cf0b4ac8cdc48d21d0 |
| SHA1 | 619aa4f17cf90b114faf2643ca3ca1b36ce089ad |
| SHA256 | 09c249bf6569f009bfcb67dc6e0c92ce8d8482634b9776454186140b5dbde23e |
| SHA512 | 3cf890ba0a39cb3609f0ab2203dbfaaa92748e76dd150f19ce14d60a18c41248f15e184a18a72a796fe83662686cb94a2d5b19f0b20c070d12f49ce429c710db |
C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\cookie_exporter.exe
| MD5 | 0373c4900e10efdcba354f7d89ce3a11 |
| SHA1 | 2f2d62d06dab202157b33d6984e94d8326e94add |
| SHA256 | bb8b08413250fe316dabf53e471491c2bfbfed2dbba733c4df38e714dbfe71b0 |
| SHA512 | 6fdc31a2b01860195e003a265cac78201758274ccb602a456934959eeb578635c9a45bcdacbf2c68d29034b257d3320bdad93619ef56f3659bcf6a1c3a8d6b1a |
C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE
| MD5 | 400836f307cf7dbfb469cefd3b0391e7 |
| SHA1 | 7af3cbb12d3b2d8b5d9553c687c6129d1dd90a10 |
| SHA256 | cb5c5abb625a812d47007c75e3855be3f29da527a41cf03730ad5c81f3eb629a |
| SHA512 | aa53cb304478585d6f83b19a6de4a7938ba2570d380a565a56ff5365aed073d5f56b95ad3228eb7d1e7e6110c6172a58b97bd6a5e57e4a8d39e762ed31dc17c8 |
memory/4880-169-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe
| MD5 | de69c005b0bbb513e946389227183eeb |
| SHA1 | 2a64efdcdc71654356f77a5b77da8b840dcc6674 |
| SHA256 | ad7b167ab599b6dad7e7f0ad47368643d91885253f95fadf0fadd1f8eb6ee9c7 |
| SHA512 | 6ca8cec0cf20ee9b8dfe263e48f211b6f1e19e3b4fc0f6e89807f39d3f4e862f0139eb5b35e3133ef60555589ad54406fb11d95845568a5538602f287863b7d7 |
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe
| MD5 | 6f87ccb8ab73b21c9b8288b812de8efa |
| SHA1 | a709254f843a4cb50eec3bb0a4170ad3e74ea9b3 |
| SHA256 | 14e7a1f2f930380903ae3c912b4a70fd0a59916315c46874805020fe41215c22 |
| SHA512 | 619b45b9728880691a88fbfc396c9d34b41d5e349e04d2eb2d18c535fffc079395835af2af7ca69319954a98852d2f9b7891eff91864d63bf25759c156e192ee |
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe
| MD5 | e316c67c785d3e39e90341b0bbaac705 |
| SHA1 | 7ffd89492438a97ad848068cfdaab30c66afca35 |
| SHA256 | 4fc8b9433b45c2607cbdf3d1c042c3918b854c9db3ade13b5bb2761d28f1c478 |
| SHA512 | 25ec433c10adc69305de97107463be74d7b4768acca27886498485e8bc2c8b099994e6c1c6c09a7e603816203d6b18e509fb79f24992915eb802f59bcb790090 |
memory/3504-252-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1480-259-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3508-271-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3256-273-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2548-284-0x0000000000400000-0x000000000041B000-memory.dmp
memory/5080-291-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2104-297-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2092-299-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4008-305-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2704-307-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4360-313-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4036-315-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1292-321-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3324-323-0x0000000000400000-0x000000000041B000-memory.dmp
memory/332-329-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4956-336-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4608-337-0x0000000000400000-0x000000000041B000-memory.dmp
memory/800-339-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4380-345-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1668-352-0x0000000000400000-0x000000000041B000-memory.dmp
memory/928-353-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4444-355-0x0000000000400000-0x000000000041B000-memory.dmp
memory/724-361-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2360-368-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3312-369-0x0000000000400000-0x000000000041B000-memory.dmp
memory/744-371-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3684-377-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1968-379-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1616-385-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3860-387-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4120-393-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2944-395-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1888-401-0x0000000000400000-0x000000000041B000-memory.dmp
memory/5112-403-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1376-409-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3876-411-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3508-417-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2832-424-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3468-425-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4764-427-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4948-433-0x0000000000400000-0x000000000041B000-memory.dmp
memory/408-435-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3944-441-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3680-443-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 42d8cca66884771bd1f622cbcee33369 |
| SHA1 | 976921703e1454c951de08ab99ce4bc12f4b9032 |
| SHA256 | c7101a6b9d2f4a288b649ce1ef9f81e62b44d5958615509f250de25fe9f71fb6 |
| SHA512 | 4bcf94d79861fb75ac70e6a01cce2c1981aa19fe1f211f22b89fed126e373b0830930e1464a0c5b3a4c9790cb89d879a6bd455372ccd2e8e04268e4385c2f55c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs-1.js
| MD5 | 615b8514dc22ef938478dc40a48bb36a |
| SHA1 | 2ba7639250f338ff42572733938ed32808f0d7d6 |
| SHA256 | e550dc6f2bee92f33f5d631c918c981370b35c79705a82b8993008e0da3aa2cf |
| SHA512 | 2d86e966ed39a4bc73f8685e1f6b24f81c9bed7f128a87c8bf8a8ffbad9e530b9338b4ba3c2b5026bd872e240076253f53cec64b90351d6d7b088b39e37f6eeb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 2f53fbe46b32611f257be26067db1e28 |
| SHA1 | 8337fc7042255b4451bfdce3f40b5ddd12131b0b |
| SHA256 | 796142e75bb7e26a94eec3aa6da9ea24a59115231ba0ba347dab9ad6acf12d22 |
| SHA512 | f28534b7535c2d88f2a43fdee4ca870e72d0b50d3378c2919f9df6a91ca2e2b356bfba19b908d9ba6637315d7c7a51d35ed9dae26af56b1e064f2e83eec764fe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | de3f7a99b3a631bbd13fdb8ca131db67 |
| SHA1 | 1cce74a6ee77279aa6fc46c30fe3f2ac78997861 |
| SHA256 | 35875f0225500974e28902458d80398ed5ccdace7644fdad69126a2c84365c64 |
| SHA512 | 48f17826238f1ac566ee9972ca4da1a21d247ada6d9c0e00e56f206e6fc1d11f936103c949452bae274a6531c0776f62a0695c642429c778f4cab2dfd48a164a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs.js
| MD5 | 2681559640f5130f96338ccec65ef0e4 |
| SHA1 | f9aa90b01831091533d25ae4383179673e02940c |
| SHA256 | f42552dfe6cef37ee885f48f6af46b770c634a5efeda037202acbf2b5fac672d |
| SHA512 | a0b23c1c676535685aa0f1612a5be9c704f2a307326e007eaa791fb61b5c8bb627e2e5a9327ce67cbc4c62da48550045b964b79354a895fc685697acbdf41e49 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b4cd2d7c5e2b0bfe23388e0c3e7810c0 |
| SHA1 | 2ec1c3c387adbd10ed1ef49c00ee68d53b38dca0 |
| SHA256 | 68c194e01a523561222cf2dfcfd7726ad639e43b9300abed762f04fba089c933 |
| SHA512 | ef97ee79db7e7b299c3da98aeb379d88d945d69b48689650fccf7ad64e48c8d4e9ce51a35c48c21c968f741b2ab41c52c795bcb0325924d3ccd88d03da1a4332 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\7C3011E186E64FFFA59029CF876BCC19626D5F8B
| MD5 | 8b87795b108eadd2cdcde25fbc8ba26a |
| SHA1 | b38b9ca93ff89c5d77270ff5b538de57ec994cc3 |
| SHA256 | 8ece5eb4d463ec755e960a882b65d5fe319f31a1286e14e228c8d9f3c4f99440 |
| SHA512 | 464986dffa7056a0173d34467ec36f609dd935505421e053c9132fe6bafdc5966ef59420dff0ce2f569fa065ca28c73753adb96df3de80d63a21c65edf0fac01 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\doomed\9506
| MD5 | e208301a3073ca5fc809944f8a246e7b |
| SHA1 | aaed01381da64d4c59ae8dcf2de114c63afd2f0f |
| SHA256 | fc86474e4827c62bb722ca045f3a36a69f4abe3765c53e778e3da1045948d562 |
| SHA512 | f5253f6e6c7f1d79da0574df0a87a02f3d1c5a3d2d654e18afca71977c8ff77e01a5712bb4df26de8da099a5ef61b5ddf5fac8b96c54f76013d0a6333dba7e5a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b4e36efff4e3ff9a1b25cd4cbac69235 |
| SHA1 | 8b40b4f5ee209c78ba24159b97945f3f17eb2338 |
| SHA256 | 0dd18eb5cb39b9e7f4fc517c101627c8a5b0f075fd972f15304aa49bdd692bf2 |
| SHA512 | f4afc8aed708e21105e3ddbd66c0648727686333b145636e99eb4324bb1705de80a0c187156d6b12929731c64d99cd6bc81365a791df13053393f3ea261027b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0c7373c41906f7ab4aa9be1b6ee52ecf |
| SHA1 | be0a9ad95a9a3a00dfc5911097d9cd0b84a557f7 |
| SHA256 | c519a8b8ee1849779df0ce9a34c33684098b0586e7e33cf0a72f40d58b93f265 |
| SHA512 | 81bcda875ef24073858669ce2087fe6fdc57c865cc6f66e435d0b57f0cded0dc27208288d168eb9f9c0b19abfcb5cad03ed8b5da0e8d4a6981ccedf6fd1922e8 |
C:\Users\Admin\Downloads\avg_remover_neshta.gA91SP_p.exe.part
| MD5 | ea0b24b1421e0b164ce1bf98ea0a686b |
| SHA1 | 1f6129787873431a0dd2e81acfe61faa7aab7a71 |
| SHA256 | 9ba6a2f21ec0aee39cfc256311424dd297f500d522eca4208f149fc9daf0ddd7 |
| SHA512 | eec36baae08cbb3b7fd3e75900202cd24806609ca77d0cdd93391541c4c7a64006efccf84896a290e90437f3de5a80d0cd745762255290404a87792b62296ba5 |
memory/2704-1615-0x0000000000450000-0x000000000157D000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a24ef17cbf1def325417d6abd302a297 |
| SHA1 | 36efc35e227915c369254811de4aceb4b648cb17 |
| SHA256 | 33f9751896a48ced79a3a22283de58f97c077c0e9f06d3cda13d31eba661f94a |
| SHA512 | d7c2848a71475639ac73518d9f9a9cf0ade647549de4821b91ca2c6cb2ad37122cafc87830a3d900b2955400e67f1eaf9744789953a946cde3d4fc20c6df6a0a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ff4d4f8ffef7be3c33c33540fbb1826c |
| SHA1 | ebb7342d6d724b23b2e793b63a708e585dafc6f3 |
| SHA256 | 45818fc1fdc78f0f414fc400ac976e9c65e6b359236bd8a951b947ab222fa5c4 |
| SHA512 | bbf147348e9960251e25a0e3bbb481a7484bbf663c6e452a6ffe34453fb3ec522fa3b6272b10c5de7067322b83ed77193991e85a873f5a65ca82655363b86253 |
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe
| MD5 | ad8536c7440638d40156e883ac25086e |
| SHA1 | fa9e8b7fb10473a01b8925c4c5b0888924a1147c |
| SHA256 | 73d84d249f16b943d1d3f9dd9e516fadd323e70939c29b4a640693eb8818ee9a |
| SHA512 | b5f368be8853aa142dba614dcca7e021aba92b337fe36cfc186714092a4dab1c7a2181954cd737923edd351149980182a090dbde91081c81d83f471ff18888fe |
C:\Windows\directx.sys
| MD5 | cc2f3b51f2e78cafce999e604a8b3277 |
| SHA1 | f2e64b7d1f0581052cbfea99a8a809922a62e69c |
| SHA256 | e6475c558d13bbad756c32a904648acf36c3f9bddd7aad597847cc159696c06f |
| SHA512 | 2cba040b4f1a5e137e9e44b1364ccec43173b677a24a3318b599c86ea4482ae2aaeb9f2af3be72fe6514dda0879b0bd506acd1e08b48f963c6ae446fc06cb6a1 |
memory/2704-1665-0x0000000000450000-0x000000000157D000-memory.dmp