Malware Analysis Report

2024-09-11 00:14

Sample ID 240617-3sj7esygqh
Target 11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe
SHA256 1e4e1606d3d53eaa7859224934bc59e843b0d2f60973ee9ad98de3235832621d
Tags: neshta, persistence, spyware, stealer
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

neshta persistence spyware stealer

Detect Neshta payload

Neshta

Neshta family

Reads user/profile data of web browsers

Checks computer location settings

Executes dropped EXE

Modifies system executable filetype association

Loads dropped DLL

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-17 23:46

Signatures

Detect Neshta payload

Neshta family

neshta

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 23:46

Reported

2024-06-17 23:49

Platform

win7-20240419-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe"

Signatures

Detect Neshta payload

Neshta

persistence spyware neshta

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\svchost.com N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1964 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe
PID 2732 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 2660 wrote to memory of 2816 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 2816 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 2568 wrote to memory of 2688 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 2688 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 2616 wrote to memory of 2464 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 2464 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 2524 wrote to memory of 2904 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 2904 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 1704 wrote to memory of 2784 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 2784 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 2884 wrote to memory of 2196 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 2196 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 2404 wrote to memory of 2320 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 2320 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -Embedding

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe

C:\Windows\svchost.com

C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe

C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE

C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe

C:\MSOCache\ALLUSE~1\{9A861~1\ose.exe

C:\Windows\directx.sys

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 23:46

Reported

2024-06-17 23:49

Platform

win10v2004-20240611-en

Max time kernel

93s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Neshta

persistence spyware neshta

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wab.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EdgeCore\125025~1.92\INSTAL~1\setup.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmplayer.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MIA062~1.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MI9C33~1.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~2.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF5AF~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wabmig.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wab.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EdgeCore\125025~1.92\COOKIE~1.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EdgeCore\125025~1.92\NOTIFI~1.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EdgeCore\125025~1.92\MSEDGE~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EdgeCore\125025~1.92\msedge.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EdgeCore\125025~1.92\msedge.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~4.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wabmig.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmlaunch.exe C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2592 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe
PID 3452 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe C:\Windows\svchost.com
PID 748 wrote to memory of 2548 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 2548 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 2296 wrote to memory of 3608 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 3608 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 3680 wrote to memory of 4000 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 4000 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 1064 wrote to memory of 1684 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 1684 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 2352 wrote to memory of 4356 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 4356 wrote to memory of 388 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 388 wrote to memory of 920 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 920 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 1968 wrote to memory of 4400 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 4400 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 1408 wrote to memory of 1896 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 1896 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com
PID 980 wrote to memory of 3344 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 3344 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE
PID 4028 wrote to memory of 2088 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 2088 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\11AC16~1.EXE

C:\Windows\System32\sihclient.exe

C:\Windows\System32\sihclient.exe /cv fC403YnQhU2YxXJP9HQ0qQ.0.1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\3582-490\11ac16468fca162009ee1b2b6fd559c0_NeikiAnalytics.exe

C:\Windows\svchost.com

C:\Windows\directx.sys

C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe

C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE

C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe

C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe

C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\javaw.exe

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe

C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\java.exe

C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE

C:\PROGRA~2\Google\Update\DISABL~1.EXE

C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE

C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE

C:\PROGRA~2\MICROS~1\EdgeCore\125025~1.92\MSEDGE~2.EXE

C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\pwahelper.exe

C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\notification_helper.exe

C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\msedge_pwa_launcher.exe

C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\msedgewebview2.exe

C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\msedge.exe

C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\INSTAL~1\setup.exe

C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\identity_helper.exe

C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\elevation_service.exe

C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\cookie_exporter.exe

C:\PROGRA~2\MICROS~1\EDGEWE~1\APPLIC~1\125025~1.92\BHO\ie_to_edge_stub.exe

C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe

C:\PROGRA~2\MICROS~1\EDGEUP~1\Download\{F3C4F~1\13187~1.41\MICROS~1.EXE

C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MI9C33~1.EXE

C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~2.EXE

C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~3.EXE

C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MI391D~1.EXE

C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~1.EXE