Malware Analysis Report

2024-09-11 00:54

Sample ID 240616-zj6ghs1djj
Target 062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
SHA256 ce22d74fd01031c1e8cfb734c971b325b558287206da51bfd1958d90454807f4
Tags
neshta persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

ce22d74fd01031c1e8cfb734c971b325b558287206da51bfd1958d90454807f4

Threat Level: Known bad

The file 062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

neshta persistence spyware stealer

Detect Neshta payload

Neshta

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Modifies system executable filetype association

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-16 20:45

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 20:45

Reported

2024-06-16 20:48

Platform

win7-20240508-en

Max time kernel

140s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

Signatures

Detect Neshta payload


Neshta

persistence spyware neshta

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\svchost.com N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A
File created C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe C:\Windows\svchost.exe
PID 3012 wrote to memory of 1700 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
PID 1700 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
PID 2740 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe C:\Windows\svchost.exe
PID 2532 wrote to memory of 2808 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
PID 2808 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe C:\Windows\svchost.com
PID 2688 wrote to memory of 2544 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 2544 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 2932 wrote to memory of 1296 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 1296 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com
PID 2512 wrote to memory of 2564 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 2564 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com
PID 1648 wrote to memory of 2452 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 2452 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com
PID 1636 wrote to memory of 2416 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 2416 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Windows\svchost.exe

C:\Windows\svchost.exe

C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -Embedding

Network

N/A

Files

C:\Windows\svchost.exe

\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe

\MSOCache\ALLUSE~1\{9A861~1\ose.exe

C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

C:\Windows\svchost.com

C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe

C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE

C:\Windows\directx.sys

C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe

\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE

C:\PROGRA~2\Adobe\READER~1.0\Reader\Eula.exe

C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBEU~1.EXE

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 20:45

Reported

2024-06-16 20:48

Platform

win10v2004-20240508-en

Max time kernel

63s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Neshta

persistence spyware neshta

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MICROS~4.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MICROS~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{D87AE~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MICROS~2.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MI9C33~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\ExpandSend.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MI391D~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MIA062~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wabmig.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF5AF~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MICROS~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wab.exe C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4604 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe C:\Windows\svchost.exe
PID 3784 wrote to memory of 3620 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
PID 3620 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
PID 3320 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe C:\Windows\svchost.exe
PID 1904 wrote to memory of 3404 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
PID 3404 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe C:\Windows\svchost.com
PID 5004 wrote to memory of 4656 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 4656 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com
PID 1532 wrote to memory of 3820 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 3820 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com
PID 2412 wrote to memory of 4412 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 4412 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com
PID 2128 wrote to memory of 4712 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 4712 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com
PID 4596 wrote to memory of 3248 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 3248 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com
PID 1404 wrote to memory of 2256 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 2256 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com
PID 4820 wrote to memory of 2352 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 2352 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com
PID 2532 wrote to memory of 4684 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
PID 4684 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Windows\svchost.exe

C:\Windows\svchost.exe

C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\System32\WaaSMedicAgent.exe

C:\Windows\System32\WaaSMedicAgent.exe 1f8f18fa08be59daab789d8d8f4a5af8 78+x8XrZaE+RXR6qUvAMAw.0.1.0.0.0

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE

"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"

Network

Files

C:\Windows\svchost.exe

C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe

C:\Windows\svchost.com

C:\Windows\directx.sys

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE

C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe

C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe

C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe

C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\java.exe

C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\javaw.exe

C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE

C:\PROGRA~2\Google\Update\DISABL~1.EXE

C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe
