Malware Analysis Report

2024-11-16 12:12

Sample ID 240719-zvmtjstcje
Target 5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118
SHA256 f356ecfae5a3d9082c3df1b263d04118ee2180313c9d69c0183d04ddc2d5ef30
Tags
neshta persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

f356ecfae5a3d9082c3df1b263d04118ee2180313c9d69c0183d04ddc2d5ef30

Threat Level: Known bad

The file 5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

neshta persistence spyware stealer

Neshta family

Detect Neshta payload

Neshta

Modifies system executable filetype association

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-19 21:02

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Neshta family

neshta

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-19 21:02

Reported

2024-07-19 21:05

Platform

win7-20240704-en

Max time kernel

38s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Neshta

persistence spyware neshta

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2220 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe
PID 3036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe C:\Windows\svchost.com
PID 3064 wrote to memory of 2700 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 2700 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 2904 wrote to memory of 2608 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 2608 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 2880 wrote to memory of 2488 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 2488 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 2568 wrote to memory of 2108 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 2108 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 1728 wrote to memory of 1740 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 1740 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 2388 wrote to memory of 2288 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 2288 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 2580 wrote to memory of 1656 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 1656 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\F6FC.tmp\drm

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe

MD5 8757269a691bf4874ffe02da5baddaca
SHA1 f0a1eef86b660293352eaf232ec7734bd535b1da
SHA256 b3cbb79cdb933c208847f5ce5ca135e56fb8dcf48182fea2f38188545ba53a5d
SHA512 ab22e9b4d3052c1020e500b268227213b8da7b4eec3c9c0ad048c9ab7e43f52eb426e21864f3d357bd2771067388a75d084ef359db1df81f56100b9863a0ba5f

C:\Windows\svchost.com

MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512 1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe

MD5 cf6c595d3e5e9667667af096762fd9c4
SHA1 9bb44da8d7f6457099cb56e4f7d1026963dce7ce
SHA256 593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d
SHA512 ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80

C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE

MD5 02ee6a3424782531461fb2f10713d3c1
SHA1 b581a2c365d93ebb629e8363fd9f69afc673123f
SHA256 ead58c483cb20bcd57464f8a4929079539d634f469b213054bf737d227c026dc
SHA512 6c9272cb1b6bde3ee887e1463ab30ea76568cb1a285d11393337b78c4ad1c3b7e6ce47646a92ab6d70bff4b02ab9d699b84af9437b720e52dcd35579fe2693ec

C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe

MD5 566ed4f62fdc96f175afedd811fa0370
SHA1 d4b47adc40e0d5a9391d3f6f2942d1889dd2a451
SHA256 e17cd94c08fc0e001a49f43a0801cea4625fb9aee211b6dfebebec446c21f460
SHA512 cdf8f508d396a1a0d2e0fc25f2ae46398b25039a0dafa0919737cc44e3e926ebae4c3aa26f1a3441511430f1a36241f8e61c515a5d9bd98ad4740d4d0f7b8db7

C:\MSOCache\ALLUSE~1\{9A861~1\ose.exe

MD5 58b58875a50a0d8b5e7be7d6ac685164
SHA1 1e0b89c1b2585c76e758e9141b846ed4477b0662
SHA256 2a0aa0763fdef9c38c5dd4d50703f0c7e27f4903c139804ec75e55f8388139ae
SHA512 d67214077162a105d01b11a8e207fab08b45b08fbfba0615a2ea146e1dd99eea35e4f02958a1754d3192292c00caf777f186f0a362e4b8b0da51fabbdb76375b

C:\Windows\directx.sys

MD5 07d4eb54e900583ba41b4d8c23510e37
SHA1 c3904373720ae94058fbd8b50c76cda5cbe67cd9
SHA256 ffb37677cc527507a778c2aa2935917a3c78c4311bb9986f31406d2f7dc9ca53
SHA512 be830aa126fcc36c0cd483f763982772b9d22440aa4e3c006377a467cbfbc1ec97dab58e0e8e98dec3c42d6d3bdcb3a9d57e91d906af18624955b0c68589cca6

memory/2608-45-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2904-44-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3064-31-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Windows\directx.sys

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE

MD5 5987f7c82fb40510ced50b62938f14ea
SHA1 ee53b958c92a83618344155ad9a4e7024b984cf4
SHA256 96c052a763af458b94cd865c7990d36ab6c8d31eb01370f6772d153d897e0aa4
SHA512 6fea9aea1b567ded824946547a136257d772098f771086d684bdbcd0bfc22f34ac9dd1faa19af6a9f9182960d3d19a41d88e54632a50b23c0a691bf1cfb38fe1

C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROBR~1.EXE

MD5 8c4f4eb73490ca2445d8577cf4bb3c81
SHA1 0f7d1914b7aeabdb1f1e4caedd344878f48be075
SHA256 85f7249bfac06b5ee9b20c7f520e3fdc905be7d64cfbefb7dcd82cd8d44686d5
SHA512 65453075c71016b06430246c1ee2876b7762a03112caf13cff4699b7b40487616c88a1160d31e86697083e2992e0dd88ebf1721679981077799187efaa0a1769

memory/1900-141-0x0000000000400000-0x000000000041B000-memory.dmp

memory/960-142-0x0000000000400000-0x000000000041B000-memory.dmp

C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe

MD5 8bb6d1d1f40099aa6a629fbb036a8cb3
SHA1 8b388ca335032e3b04b0a7d1351ce25c61b4ba52
SHA256 a89419fc4ba9bf5f7ac6b348428ee57403fec3b5964f9e49b6eea49d779f4071
SHA512 3015b210c79a4c61143fa56d62caabc5aebfe8d95b20753aa7f52ed0bcd4faf801134e5ee614c3714d95da666e0548f88db4d3df96d6d7e0e124c5a5add23a81

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-19 21:02

Reported

2024-07-19 21:05

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Neshta

persistence spyware neshta

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MI9C33~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MI391D~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmplayer.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI8A19~1\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~3.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI8A19~1\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~2\wabmig.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MI9C33~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~2.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1792 wrote to memory of 3764 N/A C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe
PID 3764 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe C:\Windows\svchost.com
PID 1596 wrote to memory of 3472 N/A C:\Windows\svchost.com C:\Windows\svchost.com
PID 3472 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 1224 wrote to memory of 2916 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 2916 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 220 wrote to memory of 1844 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 1844 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 1008 wrote to memory of 816 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 816 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 2308 wrote to memory of 1220 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 1220 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 4804 wrote to memory of 2244 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 2244 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 1840 wrote to memory of 428 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 428 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 3656 wrote to memory of 2992 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 2992 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 1928 wrote to memory of 4872 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 4872 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com
PID 3388 wrote to memory of 4400 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE
PID 4400 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc

C:\Windows\System32\sihclient.exe

C:\Windows\System32\sihclient.exe /cv UfuBFwz/6E278JnYCzdMCQ.0.2

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Users\Admin\AppData\Local\Temp\8C5D.tmp\drm

C:\Users\Admin\AppData\Local\Temp\3582-490\5DA6FF~1.EXE

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc

Network

Files

C:\Users\Admin\AppData\Local\Temp\3582-490\5da6ffa89ab8c653c1d2f39758adabd9_JaffaCakes118.exe

C:\Windows\svchost.com

C:\Windows\directx.sys

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe

C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE

C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE

C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE

C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe

C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE

C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~1.EXE
