Malware Analysis Report

2024-11-16 12:11

Sample ID 240717-2k7gbasglj
Target 551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118
SHA256 1a8039dafa96cfe91e7aa981c35ebc1ceed9a0cf75f80bddbe1f762a003457ee
Tags neshta persistence spyware stealer
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1a8039dafa96cfe91e7aa981c35ebc1ceed9a0cf75f80bddbe1f762a003457ee

Threat Level: Known bad

The file 551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

neshta persistence spyware stealer

Neshta

Detect Neshta payload

Neshta family

Reads user/profile data of web browsers

Executes dropped EXE

Checks computer location settings

Modifies system executable filetype association

Loads dropped DLL

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-17 22:39

Signatures

Detect Neshta payload

Neshta family

neshta

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-17 22:39

Reported

2024-07-17 22:42

Platform

win10v2004-20240709-en

Max time kernel

141s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe"

Signatures

Detect Neshta payload

Neshta

persistence spyware neshta

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\servertool.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MI9C33~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmlaunch.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jmap.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\kinit.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdeps.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmic.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jconsole.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javah.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~4.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wab.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\orbd.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmlaunch.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\xjc.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~4.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~3.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javac.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsimport.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File created C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3328 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe
PID 4540 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe C:\Windows\svchost.exe
PID 4544 wrote to memory of 2112 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe
PID 2112 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe C:\Windows\svchost.com
PID 1376 wrote to memory of 2752 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 2752 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 2468 wrote to memory of 352 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 352 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 4676 wrote to memory of 2228 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 2228 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 2528 wrote to memory of 1388 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 1388 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 3560 wrote to memory of 1352 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 1352 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 4896 wrote to memory of 64 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 64 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 3248 wrote to memory of 2204 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 2204 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 3180 wrote to memory of 4280 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 4280 wrote to memory of 736 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 736 wrote to memory of 3240 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 3240 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe"

C:\Windows\svchost.exe

C:\Windows\svchost.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe

C:\Windows\svchost.exe

C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe

C:\Windows\svchost.com

C:\Windows\directx.sys

C:\Windows\directx.sys

C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE

C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe

C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE

C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE

C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE

C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe

C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE

C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe

C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\javaw.exe

C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~2.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~1.EXE

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-17 22:39

Reported

2024-07-17 22:42

Platform

win7-20240704-en

Max time kernel

37s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Neshta

persistence spyware neshta

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\MICROS~1\Office14\CNFNOT32.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\1033\ONELEV.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOSYNC.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\ADOBEA~1\Versions\1.0\ADOBEA~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOICONS.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\ODeploy.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmlaunch.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\WMPDMC.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmlaunch.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\SOURCE~1\OSE.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\GROOVEMN.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\PPTICO.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\VPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmprph.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\CLVIEW.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\WORDICON.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI54FB~1\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ACCICONS.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSTORE.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\INFOPATH.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\misc.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI4223~1\sidebar.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\wabmig.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSQRY32.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\IECONT~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSTORDB.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOUC.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~1\WinMail.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\VPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\SETUPF~1\{AC76B~1\Setup.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Oarpmany.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\OIS.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTE.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Resource\Icons\SC_REA~1.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\NAMECO~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOUC.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File created C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1612 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe
PID 2444 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe C:\Windows\svchost.exe
PID 2732 wrote to memory of 2888 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe
PID 2888 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe C:\Windows\svchost.com
PID 2320 wrote to memory of 2760 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 2760 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 2696 wrote to memory of 1952 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 1952 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 1892 wrote to memory of 1900 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 1900 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 1616 wrote to memory of 1980 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 1980 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 620 wrote to memory of 1500 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 1500 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com
PID 2844 wrote to memory of 1624 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE
PID 1624 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe"

C:\Windows\svchost.exe

C:\Windows\svchost.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\551AEC~1.EXE"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe

MD5 f645af7056995cab19340639f750dd63
SHA1 bb513aac225f340c246ad5b2f8f4d3115bec8050
SHA256 f7f632f149c8c3169c3c00bc08c3f54f97a8d184f44a8f46eed3dbef2a5d3fc5
SHA512 7d837ab897e1de7cb23f5fa53d4ad57da0b3e7cb68e41a629075bfc5c09dbda86ccf5df3689a674b422daba617e3c3898821c454ee61ba9ca198396c9f452b11

C:\Windows\svchost.exe

MD5 9e3c13b6556d5636b745d3e466d47467
SHA1 2ac1c19e268c49bc508f83fe3d20f495deb3e538
SHA256 20af03add533a6870d524a7c4753b42bfceb56cddd46016c051e23581ba743f8
SHA512 5a07ba8a7fcb15f64b129fada2621252b8bc37eb34d4f614c075c064f8ac0d367301eba0c32c5e28b8aa633f6ab604f0dfcc363b34734ce0207ef0d4e8817c4b

memory/2444-19-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3582-490\551aecba174aa44156e4d2ec5deff5b7_JaffaCakes118.exe

MD5 568ae02648e3709c44dd639294cff788
SHA1 b1e87d170724dd6002954906cfcee177ba108be6
SHA256 733cb8937d64859ec310bdf84c2d5a29271f41592dbeb2af131ed537ff3e0b3a
SHA512 2a8f0d4e4e9c7470944e5655356a2d611f8e301e7b66bf5d21658a65061a7e5f13c4b9c041e723af8b61f000e6db58532d9566157ecdacfc66ba18dc2f8e4736

C:\Windows\svchost.com

MD5 c8d346a0bef2a8b7df1d6114ab6c9d8b
SHA1 c5737486159d5341d0dfa3ac408d6f3539498b08
SHA256 2ba4d9c2fed46b4bdcbf6e645caa28da05c3969af4dfdd15545c134e8f62a60e
SHA512 64a8bd6d616dade88fdc107c516c6846f228119f8159b27c2c1c775e4ffef5e1eab0cdf79ce45c7490e738ac267cf58135e581fa850da18e8f96a8646a17a494

memory/2732-35-0x0000000000400000-0x000000000040D000-memory.dmp

C:\MSOCache\ALLUSE~1\{9A861~1\ose.exe

MD5 82544a4c699e2944bab822826ea3c3a9
SHA1 721464d799cd8c0d832111d6d23c7b4475d0aa74
SHA256 03a91e8eec5e51d2100df2de79c930f30ab56a4e7f24df89ac105b07a9aae6d7
SHA512 b49d82a91b7874ffa4b387452aafda536dc5f3765539d2e1e4781c907177ec378b8146b73b1c05bd1efa6fbfd31e98cfce75530b9a6e1bb8e72645785314332e

C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe

MD5 cf6c595d3e5e9667667af096762fd9c4
SHA1 9bb44da8d7f6457099cb56e4f7d1026963dce7ce
SHA256 593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d
SHA512 ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80

C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE

MD5 02ee6a3424782531461fb2f10713d3c1
SHA1 b581a2c365d93ebb629e8363fd9f69afc673123f
SHA256 ead58c483cb20bcd57464f8a4929079539d634f469b213054bf737d227c026dc
SHA512 6c9272cb1b6bde3ee887e1463ab30ea76568cb1a285d11393337b78c4ad1c3b7e6ce47646a92ab6d70bff4b02ab9d699b84af9437b720e52dcd35579fe2693ec

C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe

MD5 566ed4f62fdc96f175afedd811fa0370
SHA1 d4b47adc40e0d5a9391d3f6f2942d1889dd2a451
SHA256 e17cd94c08fc0e001a49f43a0801cea4625fb9aee211b6dfebebec446c21f460
SHA512 cdf8f508d396a1a0d2e0fc25f2ae46398b25039a0dafa0919737cc44e3e926ebae4c3aa26f1a3441511430f1a36241f8e61c515a5d9bd98ad4740d4d0f7b8db7

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2760-51-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2320-52-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Windows\directx.sys

MD5 447728911790d38645fc8eada6b1d07b
SHA1 327fbaba66da2401c6d859db70bcfa3f84e8d2bf
SHA256 7b31cf839781c2d60fdc51e6672ec7198484c3c32d6bec4ddc5ed6dfeb577299
SHA512 196f67674b01d1f90eb7103fe0e3c5f7f78f8fb214d297faea5240399edb310628c79e34d49ca8ecb8f8ef55baa147d31d4bddd917f60c67d02ed322be311a12
