Malware Analysis Report

2024-11-16 12:11

Sample ID 240714-3clqbaxbnp
Target 47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118
SHA256 712bce959db0532b24c22bf3962288cf853a3267852640211ac280f6460da7c4
Tags neshta persistence spyware stealer
Score 10/10

Analysis Overview

Score 10/10

SHA256 712bce959db0532b24c22bf3962288cf853a3267852640211ac280f6460da7c4

Threat Level: Known bad

The file 47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

neshta persistence spyware stealer

Neshta

Detect Neshta payload

Neshta family

Checks computer location settings

Loads dropped DLL

Modifies system executable filetype association

Reads user/profile data of web browsers

Executes dropped EXE

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported 2024-07-14 23:22

Signatures

Detect Neshta payload


Neshta family

neshta

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-07-14 23:22
Reported 2024-07-14 23:24
Platform win7-20240708-en
Max time kernel 122s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe"

Signatures

Detect Neshta payload


Neshta

persistence spyware neshta

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTE.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\wab.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\SOURCE~1\OSE.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmlaunch.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI4223~1\sidebar.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Resource\Icons\SC_REA~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\PPTICO.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\WinMail.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Resource\Icons\SC_REA~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\ink\mip.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\ink\mip.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Oarpmany.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\OIS.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSQRY32.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\SELFCERT.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\VPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\TextConv\WksConv\Wkconv.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\wabmig.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\wabmig.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOICONS.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\WORDICON.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI4223~1\sidebar.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROBR~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\ODeploy.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\GRAPH.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\FLTLDR.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\CNFNOT32.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\CLVIEW.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmplayer.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOXMLED.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\EQUATION\EQNEDT32.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROBR~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBE_~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOSYNC.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\NAMECO~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\misc.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\wab.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 904 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe
PID 2132 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe C:\Windows\svchost.com
PID 2704 wrote to memory of 2760 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 2760 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 2860 wrote to memory of 2872 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 2872 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 2168 wrote to memory of 2776 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 2776 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 2604 wrote to memory of 2112 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 2112 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 2096 wrote to memory of 1664 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 1664 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 2328 wrote to memory of 2672 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 2672 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 2956 wrote to memory of 2124 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 2124 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe

MD5 7e4414943f4e731cb696b60d75906dca
SHA1 cad49f594e5452a89484dfa271f6fd567b1112f3
SHA256 e323eeaa4bb4a7a81b0518048dc42780c7f9fd6b773bc6b60e1d2aa18f245fb6
SHA512 a5ec48479395ea3409b57fcfc8e9f252bf6175742d57ff80fdcaaa37c9355514d9856ff6694706f624b5429442e2df47ac1e6a258749d45ee132b91c21438d6c

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe

MD5 cf6c595d3e5e9667667af096762fd9c4
SHA1 9bb44da8d7f6457099cb56e4f7d1026963dce7ce
SHA256 593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d
SHA512 ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80

C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE

MD5 02ee6a3424782531461fb2f10713d3c1
SHA1 b581a2c365d93ebb629e8363fd9f69afc673123f
SHA256 ead58c483cb20bcd57464f8a4929079539d634f469b213054bf737d227c026dc
SHA512 6c9272cb1b6bde3ee887e1463ab30ea76568cb1a285d11393337b78c4ad1c3b7e6ce47646a92ab6d70bff4b02ab9d699b84af9437b720e52dcd35579fe2693ec

C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe

MD5 566ed4f62fdc96f175afedd811fa0370
SHA1 d4b47adc40e0d5a9391d3f6f2942d1889dd2a451
SHA256 e17cd94c08fc0e001a49f43a0801cea4625fb9aee211b6dfebebec446c21f460
SHA512 cdf8f508d396a1a0d2e0fc25f2ae46398b25039a0dafa0919737cc44e3e926ebae4c3aa26f1a3441511430f1a36241f8e61c515a5d9bd98ad4740d4d0f7b8db7

C:\MSOCache\ALLUSE~1\{9A861~1\ose.exe

MD5 58b58875a50a0d8b5e7be7d6ac685164
SHA1 1e0b89c1b2585c76e758e9141b846ed4477b0662
SHA256 2a0aa0763fdef9c38c5dd4d50703f0c7e27f4903c139804ec75e55f8388139ae
SHA512 d67214077162a105d01b11a8e207fab08b45b08fbfba0615a2ea146e1dd99eea35e4f02958a1754d3192292c00caf777f186f0a362e4b8b0da51fabbdb76375b

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\directx.sys

MD5 96e12755ed3b9173e5dcef9331874978
SHA1 0f4c140d557a2899f47aa302cb767241a6d6904d
SHA256 fb4e974227285e9a6e73e19c3f1608841de782b77c4ecab363c9b319ddc0b14d
SHA512 6dc3a38fa45d2077e72ae411e27e6a943b899f11eb2edb21e8cf74977dbb98569e727dc1258b9ee3d917013c62f4f758bce260b7c5acfecaf31fc45d036b996e

C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe

MD5 3ec4922dbca2d07815cf28144193ded9
SHA1 75cda36469743fbc292da2684e76a26473f04a6d
SHA256 0587fd366ea7e94b3ae500874b1c5d684b5357fcc7389682d5a13c3301a28801
SHA512 956c3a1f2689cb72600edd2e90d652b77592a8a81d319dce026e88f6c02231af06aebd57d68460eb406de00c113522173423cb1b339a41a3918f379c7dc311f7

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

MD5 7b112b1fb864c90ec5b65eab21cb40b8
SHA1 e7b73361f722fc7cbb93ef98a8d26e34f4d49767
SHA256 751941b4e09898c31791efeb5f90fc7367c89831d4a98637ed505e40763e287b
SHA512 bf9cdeff39cc4fa48457c55ad02e3856b5b27998535aed801a469252f01e7676462332fa3f93877753e963d037472f615c1fc5fc2e996316621b4e0a180cb5f5

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-14 23:22

Reported

2024-07-14 23:24

Platform

win10v2004-20240709-en

Max time kernel

51s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Neshta

persistence spyware neshta

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MIA062~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~2.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~4.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\Download\{F3C4F~1\13187~1.41\MICROS~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MI391D~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~2.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MI9C33~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmplayer.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~4.EXE C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3488 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe
PID 3288 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe C:\Windows\svchost.com
PID 1912 wrote to memory of 1120 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 1120 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 2264 wrote to memory of 2732 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 2732 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 4652 wrote to memory of 4744 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 4744 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 760 wrote to memory of 4684 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 4684 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 4672 wrote to memory of 4276 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 4276 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 1344 wrote to memory of 1980 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 1980 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 3636 wrote to memory of 2448 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 2448 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 2520 wrote to memory of 892 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 892 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 3204 wrote to memory of 4476 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 4476 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com
PID 3816 wrote to memory of 4424 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE
PID 4424 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\47393E~1.EXE

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\3582-490\47393e2b8e1d924cf815f8eef31d0952_JaffaCakes118.exe

C:\Windows\svchost.com

C:\Windows\directx.sys

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe

C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE

C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE

C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe

C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe

C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe

C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\javaw.exe

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe

C:\PROGRA~2\Google\Update\DISABL~1.EXE

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe


memory/4544-383-0x0000000000400000-0x000000000041B000-memory.dmp

memory/976-389-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2404-391-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4896-397-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4484-404-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4300-406-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1304-407-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2120-413-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1480-415-0x0000000000400000-0x000000000041B000-memory.dmp