Analysis Overview
SHA256
ce22d74fd01031c1e8cfb734c971b325b558287206da51bfd1958d90454807f4
Threat Level: Known bad
The file 062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Detect Neshta payload
Neshta
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-16 20:45
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 20:45
Reported
2024-06-16 20:48
Platform
win7-20240508-en
Max time kernel
140s
Max time network
120s
Command Line
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Neshta
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
Reads user/profile data of web browsers
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\PPTICO.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\CLVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\WORDICON.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~1\WinMail.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmlaunch.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmpconfig.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\ink\mip.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\LICLUA.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\FLTLDR.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\DISABL~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\CLVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmpshare.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOICONS.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\TextConv\WksConv\Wkconv.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\1033\ONELEV.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\CNFNOT32.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\misc.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\setup_wm.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBE_~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~1\WinMail.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\NAMECO~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI4223~1\sidebar.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\MSTORDB.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\SELFCERT.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\1033\ONELEV.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOXMLED.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\ODeploy.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ieinstal.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\GRAPH.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\WMPDMC.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ielowutil.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\IECONT~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmpshare.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\ADOBEA~1\Versions\1.0\ADOBEA~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\DISABL~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROBR~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File created | C:\Windows\svchost.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File created | C:\Windows\svchost.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Windows\svchost.exe
C:\Windows\svchost.exe
C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
Network
Files
memory/2944-5-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Windows\svchost.exe
| MD5 | 9e3c13b6556d5636b745d3e466d47467 |
| SHA1 | 2ac1c19e268c49bc508f83fe3d20f495deb3e538 |
| SHA256 | 20af03add533a6870d524a7c4753b42bfceb56cddd46016c051e23581ba743f8 |
| SHA512 | 5a07ba8a7fcb15f64b129fada2621252b8bc37eb34d4f614c075c064f8ac0d367301eba0c32c5e28b8aa633f6ab604f0dfcc363b34734ce0207ef0d4e8817c4b |
\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
| MD5 | 76d342457ee526cbf505e3cdc4c768d0 |
| SHA1 | efbac3e0c8693146ff17ea54928380428313a77d |
| SHA256 | c40559b8a0dc15a7d95f3740b936859411e8745b526a6f981dd9ecafa0259659 |
| SHA512 | a016d02b66e4210be1b12ddf9fdded0a47a3491d65e8aa769772b2b0e97705a33c55db3d1c62610f7f7e051bf7a3bdf1cc2f51257ea5cbaf379c80ed610eb8c7 |
memory/3012-20-0x0000000000400000-0x000000000040D000-memory.dmp
\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
| MD5 | 8265a7c6b81f0841d423a78bc27f775f |
| SHA1 | 930f55a9c99104e5c152ad9dc4d3922280304490 |
| SHA256 | c471b6fff565ec8a3c31957487edb5b4423e3de3eecc07ee3d8be44af582e396 |
| SHA512 | b729adc02bdb2fd97cf05da78ce6db3a20a3ceaaf43dc1a96083c4b0e31fe33e003f79e9b7aa47d91867c7a93466d8fab59bf8ddb8f4a0327fc8da00dc136b49 |
C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe
| MD5 | 15e2192b38b8c6162f477113b8ce027d |
| SHA1 | 673074054a49a25e9baf6fe2fc7cf8cfc8ae110a |
| SHA256 | 4a20c212912cb30990048b595bb1bd396672200f97518e01cc810d4566bb3a52 |
| SHA512 | d2427b1c786c13723697f55377a12be0a9cf097d01fd6ec16ec5777e79cc0a1234d5f82d52705e7a9b4a73815e0ce097d2ee39d90317b9fc776cffb15736065a |
\MSOCache\ALLUSE~1\{9A861~1\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
| MD5 | 82aea66046c40a87547e9faf52420e1e |
| SHA1 | 83a371bac360ac95d36bfc10a7035cd3c15c3edf |
| SHA256 | fd9479e89de8863995cc31b3d3901b81eb065ce55f383b6a3843cd9653b74d63 |
| SHA512 | f46e4a7e2655543c543f8ba4faa0ea7a47f92147c76fb535e71e62a4b80e82e5e18497d734c5067d9a3286f29d739d85e6993f553e5f4a1dcab4d0a4928f3c9c |
memory/2740-39-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
| MD5 | d6ad756bedcc73546ed7a618f1a4c8a7 |
| SHA1 | f1e1bc44ad92b447564965e239b3b422e32c251e |
| SHA256 | b8365215def41984f46c8c29768ff6429bcd2136106328e1439d6b402576dea7 |
| SHA512 | e37b5b1896396b528e1f92a34a4c1e881ab123cd4164f1f31ee968590a646aa3b5036744c2b6e47cc2a752610591f79f8cad2f0f907327958385bf1f663056ae |
memory/2532-48-0x0000000000400000-0x000000000040D000-memory.dmp
C:\Windows\svchost.com
| MD5 | e6c15799fdc715402d498ea81e2a261f |
| SHA1 | 75e86cc8544cebc0966aec573bad5930332335ec |
| SHA256 | 52dce55a381936e2f7647e2b26f2171188333f65d9edd45b6eec6d5dd376666f |
| SHA512 | b08dcc69dfa8b8069ac2d86739f6be200ec00e6c049392b0bddc4f404b7ac0b36897a8baf305905eace26b482bdae18ecd090ac4f2b48d76b2008d96b3e723c7 |
C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe
| MD5 | cf6c595d3e5e9667667af096762fd9c4 |
| SHA1 | 9bb44da8d7f6457099cb56e4f7d1026963dce7ce |
| SHA256 | 593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d |
| SHA512 | ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80 |
C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE
| MD5 | 02ee6a3424782531461fb2f10713d3c1 |
| SHA1 | b581a2c365d93ebb629e8363fd9f69afc673123f |
| SHA256 | ead58c483cb20bcd57464f8a4929079539d634f469b213054bf737d227c026dc |
| SHA512 | 6c9272cb1b6bde3ee887e1463ab30ea76568cb1a285d11393337b78c4ad1c3b7e6ce47646a92ab6d70bff4b02ab9d699b84af9437b720e52dcd35579fe2693ec |
C:\Windows\directx.sys
| MD5 | dd188e07c93e8c566453b445437a3140 |
| SHA1 | cbcc5d57441a29d3f59e581652f1824adc8e2825 |
| SHA256 | bc3129c8c21fc299cc8412d0d5249bd7b6a88d46f0c1ae70d70d8fc2eb3d94d9 |
| SHA512 | 60d8f31f64cb14e224bf93126b8dc3c12124a4b8e318b7c087197139180a661ea7994a251a283ffa9d10f336252f62c6aa20639feb07f1135ba62840d03a5cba |
memory/2688-67-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2544-66-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2932-81-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1296-80-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2512-95-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2564-94-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1648-108-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2452-107-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe
| MD5 | 3ec4922dbca2d07815cf28144193ded9 |
| SHA1 | 75cda36469743fbc292da2684e76a26473f04a6d |
| SHA256 | 0587fd366ea7e94b3ae500874b1c5d684b5357fcc7389682d5a13c3301a28801 |
| SHA512 | 956c3a1f2689cb72600edd2e90d652b77592a8a81d319dce026e88f6c02231af06aebd57d68460eb406de00c113522173423cb1b339a41a3918f379c7dc311f7 |
\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
| MD5 | 9e2b9928c89a9d0da1d3e8f4bd96afa7 |
| SHA1 | ec66cda99f44b62470c6930e5afda061579cde35 |
| SHA256 | 8899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043 |
| SHA512 | 2ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156 |
C:\PROGRA~2\Adobe\READER~1.0\Reader\Eula.exe
| MD5 | e1833678885f02b5e3cf1b3953456557 |
| SHA1 | c197e763500002bc76a8d503933f1f6082a8507a |
| SHA256 | bd9a16d8d7590a2ec827913db5173f8beb1d1ef44dab1920ef52a307f922bc14 |
| SHA512 | fe107e1c8631ec6ac94f772e6a7be1fdc2a533fe3cfcf36b1ff018c8d01bd7f1f818f0a2448f736838c953cd516ea7327c416dea20706ed2420327af8ef01abe |
memory/1636-131-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2416-130-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBEU~1.EXE
| MD5 | 7ce8bcabb035b3de517229dbe7c5e67d |
| SHA1 | 8e43cd79a7539d240e7645f64fd7f6e9e0f90ab9 |
| SHA256 | 81a3a1dc3104973a100bf8d114b6be35da03767a0cbbaf925f970ffcbe5f217c |
| SHA512 | be7fcd50b4f71b458ca001b7c019bf1169ec089d7a1ce05355134b11cbe75a5a29811f9efec803877aeb1a1d576ea2628926e0131361db23214275af6e89e80c |
memory/1760-151-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2888-168-0x0000000000400000-0x000000000041B000-memory.dmp
memory/776-169-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2076-181-0x0000000000400000-0x000000000041B000-memory.dmp
memory/576-180-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2080-150-0x0000000000400000-0x000000000041B000-memory.dmp
memory/652-199-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2396-198-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1560-208-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1360-207-0x0000000000400000-0x000000000041B000-memory.dmp
memory/908-221-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1044-222-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2604-247-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1364-246-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1748-262-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2852-261-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2992-273-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2908-274-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2732-281-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2784-287-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2828-297-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2864-296-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2200-309-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2560-315-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1396-318-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2980-317-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2584-326-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2500-325-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2592-334-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1604-333-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2432-342-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2448-341-0x0000000000400000-0x000000000041B000-memory.dmp
memory/628-349-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1980-355-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1588-358-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1152-357-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2368-365-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2248-366-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2876-374-0x0000000000400000-0x000000000041B000-memory.dmp
memory/536-373-0x0000000000400000-0x000000000041B000-memory.dmp
memory/596-382-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2240-381-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2192-390-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2496-389-0x0000000000400000-0x000000000041B000-memory.dmp
memory/328-398-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1612-397-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1988-406-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2148-405-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1772-413-0x0000000000400000-0x000000000041B000-memory.dmp
memory/952-414-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2300-1956-0x0000000001210000-0x000000000125E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 20:45
Reported
2024-06-16 20:48
Platform
win10v2004-20240508-en
Max time kernel
63s
Max time network
51s
Command Line
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Neshta
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
Executes dropped EXE
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
Reads user/profile data of web browsers
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MICROS~4.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MICROS~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{D87AE~1\WINDOW~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\setup_wm.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MICROS~2.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MI9C33~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\ExpandSend.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MI391D~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MIA062~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\wabmig.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{EF5AF~1\WINDOW~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MICROS~3.EXE | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\wab.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\DISABL~1.EXE | C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Windows\svchost.exe
C:\Windows\svchost.exe
C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 1f8f18fa08be59daab789d8d8f4a5af8 78+x8XrZaE+RXR6qUvAMAw.0.1.0.0.0
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.exe
"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\062D9C~1.EXE
Network
Files
C:\Windows\svchost.exe
| MD5 | 9e3c13b6556d5636b745d3e466d47467 |
| SHA1 | 2ac1c19e268c49bc508f83fe3d20f495deb3e538 |
| SHA256 | 20af03add533a6870d524a7c4753b42bfceb56cddd46016c051e23581ba743f8 |
| SHA512 | 5a07ba8a7fcb15f64b129fada2621252b8bc37eb34d4f614c075c064f8ac0d367301eba0c32c5e28b8aa633f6ab604f0dfcc363b34734ce0207ef0d4e8817c4b |
memory/4604-3-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
| MD5 | 76d342457ee526cbf505e3cdc4c768d0 |
| SHA1 | efbac3e0c8693146ff17ea54928380428313a77d |
| SHA256 | c40559b8a0dc15a7d95f3740b936859411e8745b526a6f981dd9ecafa0259659 |
| SHA512 | a016d02b66e4210be1b12ddf9fdded0a47a3491d65e8aa769772b2b0e97705a33c55db3d1c62610f7f7e051bf7a3bdf1cc2f51257ea5cbaf379c80ed610eb8c7 |
memory/3784-12-0x0000000000400000-0x000000000040D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
| MD5 | 8265a7c6b81f0841d423a78bc27f775f |
| SHA1 | 930f55a9c99104e5c152ad9dc4d3922280304490 |
| SHA256 | c471b6fff565ec8a3c31957487edb5b4423e3de3eecc07ee3d8be44af582e396 |
| SHA512 | b729adc02bdb2fd97cf05da78ce6db3a20a3ceaaf43dc1a96083c4b0e31fe33e003f79e9b7aa47d91867c7a93466d8fab59bf8ddb8f4a0327fc8da00dc136b49 |
C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
| MD5 | 82aea66046c40a87547e9faf52420e1e |
| SHA1 | 83a371bac360ac95d36bfc10a7035cd3c15c3edf |
| SHA256 | fd9479e89de8863995cc31b3d3901b81eb065ce55f383b6a3843cd9653b74d63 |
| SHA512 | f46e4a7e2655543c543f8ba4faa0ea7a47f92147c76fb535e71e62a4b80e82e5e18497d734c5067d9a3286f29d739d85e6993f553e5f4a1dcab4d0a4928f3c9c |
memory/3320-24-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3582-490\062d9c269e30c7e668a6003f8cbd55d0_NeikiAnalytics.exe
| MD5 | d6ad756bedcc73546ed7a618f1a4c8a7 |
| SHA1 | f1e1bc44ad92b447564965e239b3b422e32c251e |
| SHA256 | b8365215def41984f46c8c29768ff6429bcd2136106328e1439d6b402576dea7 |
| SHA512 | e37b5b1896396b528e1f92a34a4c1e881ab123cd4164f1f31ee968590a646aa3b5036744c2b6e47cc2a752610591f79f8cad2f0f907327958385bf1f663056ae |
memory/1904-29-0x0000000000400000-0x000000000040D000-memory.dmp
C:\Windows\svchost.com
| MD5 | e6c15799fdc715402d498ea81e2a261f |
| SHA1 | 75e86cc8544cebc0966aec573bad5930332335ec |
| SHA256 | 52dce55a381936e2f7647e2b26f2171188333f65d9edd45b6eec6d5dd376666f |
| SHA512 | b08dcc69dfa8b8069ac2d86739f6be200ec00e6c049392b0bddc4f404b7ac0b36897a8baf305905eace26b482bdae18ecd090ac4f2b48d76b2008d96b3e723c7 |
memory/5004-38-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4656-42-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Windows\directx.sys
| MD5 | dd188e07c93e8c566453b445437a3140 |
| SHA1 | cbcc5d57441a29d3f59e581652f1824adc8e2825 |
| SHA256 | bc3129c8c21fc299cc8412d0d5249bd7b6a88d46f0c1ae70d70d8fc2eb3d94d9 |
| SHA512 | 60d8f31f64cb14e224bf93126b8dc3c12124a4b8e318b7c087197139180a661ea7994a251a283ffa9d10f336252f62c6aa20639feb07f1135ba62840d03a5cba |
memory/1532-50-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3820-60-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2412-62-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4412-66-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2128-74-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4712-78-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4596-86-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3248-90-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1404-98-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2256-102-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE
| MD5 | a344438de9e499ca3d9038688440f406 |
| SHA1 | c961917349de7e9d269f6f4a5593b6b9d3fcd4d2 |
| SHA256 | 715f6420c423ae4068b25a703d5575f7c147b26e388f0fff1ae20c6abe821557 |
| SHA512 | 8bf3c621725fddafa6326b057fee9beee95966e43c5fbab40ebaa4a1a64d17acca97a19d0ece10c3574e13e194ff191316871d1d46d4d74ffc0ac3efb403bca9 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe
| MD5 | 322302633e36360a24252f6291cdfc91 |
| SHA1 | 238ed62353776c646957efefc0174c545c2afa3d |
| SHA256 | 31da9632f5d25806b77b617d48da52a14afc574bbe1653120f97705284ea566c |
| SHA512 | 5a1f7c44ce7f5036bffc18ebac39e2bf70e6f35fa252617d665b26448f4c4473adfa115467b7e2d9b7068823e448f74410cdcdfef1ac1c09021e051921787373 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe
| MD5 | 8ffc3bdf4a1903d9e28b99d1643fc9c7 |
| SHA1 | 919ba8594db0ae245a8abd80f9f3698826fc6fe5 |
| SHA256 | 8268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6 |
| SHA512 | 0b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427 |
memory/4820-121-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe
| MD5 | cce8964848413b49f18a44da9cb0a79b |
| SHA1 | 0b7452100d400acebb1c1887542f322a92cbd7ae |
| SHA256 | fe44ca8d5050932851aa54c23133277e66db939501af58e5aeb7b67ec1dde7b5 |
| SHA512 | bf8fc270229d46a083ced30da6637f3ca510b0ce44624a9b21ec6aacac81666dffd41855053a936aa9e8ea6e745a09b820b506ec7bf1173b6f1837828a35103d |
memory/2352-143-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2532-145-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4684-156-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2692-157-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4116-167-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4300-169-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4936-185-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\java.exe
| MD5 | 60d1d70ce0e486291840f495dd204822 |
| SHA1 | 2fdc59a7c003483c84af1bfb4b40852487f96a46 |
| SHA256 | 590afbe437514646a30918a6dddff718adcfcd92f709bfcd983d7226f9ef4665 |
| SHA512 | 979cb9e361562a1fd7651c80ee3c4da4b9547c34ab2a06c4d517a90a1a901a994b2f19d1e1cbc0696e6bef774ab54a5a2ba2aa401db3df235d39ae9caaccd68b |
C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\javaw.exe
| MD5 | 6f87ccb8ab73b21c9b8288b812de8efa |
| SHA1 | a709254f843a4cb50eec3bb0a4170ad3e74ea9b3 |
| SHA256 | 14e7a1f2f930380903ae3c912b4a70fd0a59916315c46874805020fe41215c22 |
| SHA512 | 619b45b9728880691a88fbfc396c9d34b41d5e349e04d2eb2d18c535fffc079395835af2af7ca69319954a98852d2f9b7891eff91864d63bf25759c156e192ee |
C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE
| MD5 | 96a14f39834c93363eebf40ae941242c |
| SHA1 | 5a3a676403d4e6ad0a51d0f0e2bbdd636ae5d6fc |
| SHA256 | 8ee4aa23eb92c4aba9a46b18ac249a5fa11c5abb7e2c1ca82cd5196401db790a |
| SHA512 | fbf307a8053e9478a52cfdf8e8bad3d7c6664c893458786ae6ee4fffc6fe93006e99a2a60c97fb62dad1addd5247621517f4edee5d9545717c4587a272cef9a2 |
C:\PROGRA~2\Google\Update\DISABL~1.EXE
| MD5 | 3b0e91f9bb6c1f38f7b058c91300e582 |
| SHA1 | 6e2e650941b1a96bb0bb19ff26a5d304bb09df5f |
| SHA256 | 57c993cadf4bf84810cea23a7112c6e260624beaab48d0e4332d3462900fec1d |
| SHA512 | a4fbe28a0135f4632e0a5b6bd775f8d010250b0fbfe223db1fe81d18552a6bc166ebce807853ba02e6a476e9829454805e415ca828a5e043bd1e63dc53599d0f |
C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE
| MD5 | 400836f307cf7dbfb469cefd3b0391e7 |
| SHA1 | 7af3cbb12d3b2d8b5d9553c687c6129d1dd90a10 |
| SHA256 | cb5c5abb625a812d47007c75e3855be3f29da527a41cf03730ad5c81f3eb629a |
| SHA512 | aa53cb304478585d6f83b19a6de4a7938ba2570d380a565a56ff5365aed073d5f56b95ad3228eb7d1e7e6110c6172a58b97bd6a5e57e4a8d39e762ed31dc17c8 |
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe
| MD5 | de69c005b0bbb513e946389227183eeb |
| SHA1 | 2a64efdcdc71654356f77a5b77da8b840dcc6674 |
| SHA256 | ad7b167ab599b6dad7e7f0ad47368643d91885253f95fadf0fadd1f8eb6ee9c7 |
| SHA512 | 6ca8cec0cf20ee9b8dfe263e48f211b6f1e19e3b4fc0f6e89807f39d3f4e862f0139eb5b35e3133ef60555589ad54406fb11d95845568a5538602f287863b7d7 |
memory/3360-227-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4972-246-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4604-248-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2164-256-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3908-264-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3024-277-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3048-283-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1556-286-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1988-292-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4400-294-0x0000000000400000-0x000000000041B000-memory.dmp
memory/544-306-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4968-308-0x0000000000400000-0x000000000041B000-memory.dmp
memory/432-314-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3656-316-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1884-322-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2528-324-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4720-330-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4212-337-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1764-338-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4440-345-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3932-346-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4616-353-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2864-354-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2352-356-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4816-362-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4864-364-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2692-370-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2004-372-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4976-378-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4136-385-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4704-386-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1716-393-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3532-394-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4752-396-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4736-402-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2192-404-0x0000000000400000-0x000000000041B000-memory.dmp
memory/116-405-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3548-412-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2592-413-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1828-415-0x0000000000400000-0x000000000041B000-memory.dmp