Malware Analysis Report

2024-11-16 12:12

Sample ID 240720-k84a5azajd
Target 5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118
SHA256 951544b64107ec4f35fab90b0ac447f0656627da1d996a0ecc461b8dd4ed601f
Tags
neshta persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

951544b64107ec4f35fab90b0ac447f0656627da1d996a0ecc461b8dd4ed601f

Threat Level: Known bad

The file 5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

neshta persistence spyware stealer

Detect Neshta payload

Neshta

Neshta family

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Modifies system executable filetype association

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-07-20 09:17

Signatures

Detect Neshta payload


Neshta family

neshta

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-07-20 09:17

Reported

2024-07-20 09:19

Platform

win7-20240704-en

Max time kernel

142s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe"

Signatures

Detect Neshta payload


Neshta

persistence spyware neshta

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1628 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe
PID 1628 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe
PID 1628 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe
PID 1628 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe
PID 2896 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Windows\svchost.exe
PID 2896 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Windows\svchost.exe
PID 2896 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Windows\svchost.exe
PID 2896 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Windows\svchost.exe
PID 2432 wrote to memory of 2424 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe
PID 2432 wrote to memory of 2424 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe
PID 2432 wrote to memory of 2424 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe
PID 2432 wrote to memory of 2424 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe
PID 2424 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Windows\svchost.com
PID 2424 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Windows\svchost.com
PID 2424 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Windows\svchost.com
PID 2424 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Windows\svchost.com
PID 3024 wrote to memory of 2256 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 3024 wrote to memory of 2256 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 3024 wrote to memory of 2256 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 3024 wrote to memory of 2256 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2256 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 2256 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 2256 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 2256 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 2624 wrote to memory of 2752 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2624 wrote to memory of 2752 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2624 wrote to memory of 2752 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2624 wrote to memory of 2752 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2752 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 2752 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 2752 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 2752 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 2632 wrote to memory of 2764 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2632 wrote to memory of 2764 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2632 wrote to memory of 2764 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2632 wrote to memory of 2764 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2764 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 2812 wrote to memory of 2540 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2540 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 2496 wrote to memory of 3008 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 3008 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 1152 wrote to memory of 1176 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 1176 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe"

C:\Windows\svchost.exe

C:\Windows\svchost.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -Embedding

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe

C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe

C:\Windows\svchost.exe

\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

C:\Windows\svchost.com

C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE

C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe

C:\Windows\directx.sys

C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE

C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe

\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE

C:\PROGRA~2\Adobe\READER~1.0\Reader\Eula.exe

C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBE_~1.EXE

C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBEU~1.EXE

C:\PROGRA~2\Adobe\READER~1.0\SETUPF~1\{AC76B~1\Setup.exe

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-20 09:17

Reported

2024-07-20 09:19

Platform

win10v2004-20240709-en

Max time kernel

142s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Neshta

persistence spyware neshta

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
N/A N/A C:\Windows\svchost.exe N/A
N/A N/A C:\Windows\svchost.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\dotnet\dotnet.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javac.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javap.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WI8A19~1\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\idlj.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{D87AE~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\extcheck.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdeps.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javadoc.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\servertool.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\unpack200.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MIA062~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmplayer.exe C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~2.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\ktab.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javapackager.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\wmlaunch.exe C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~1.EXE C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.106\notification_helper.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jar.exe C:\Windows\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe C:\Windows\svchost.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\svchost.com C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Windows\svchost.com N/A
File opened for modification C:\Windows\directx.sys C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4456 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe
PID 2800 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Windows\svchost.exe
PID 2732 wrote to memory of 1316 N/A C:\Windows\svchost.exe C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe
PID 1316 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe C:\Windows\svchost.com
PID 4912 wrote to memory of 1944 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 1944 wrote to memory of 4612 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 4612 wrote to memory of 4900 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 4900 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 840 wrote to memory of 2616 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2616 wrote to memory of 1176 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 1176 wrote to memory of 2580 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2580 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 4184 wrote to memory of 3024 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 3024 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 1300 wrote to memory of 4256 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 4256 wrote to memory of 3692 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 3692 wrote to memory of 1468 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 1468 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 392 wrote to memory of 4020 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 4020 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com
PID 2844 wrote to memory of 2004 N/A C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE
PID 2004 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE C:\Windows\svchost.com

Processes

C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe"

C:\Windows\svchost.exe

"C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe"

C:\Windows\svchost.exe

C:\Windows\svchost.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\5FE4B6~1.EXE"

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\3582-490\5fe4b627f39be0d3564a4c62f2a58092_JaffaCakes118.exe

C:\Windows\svchost.exe

C:\Windows\svchost.com

C:\Windows\directx.sys

C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\javaws.exe

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe

C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe

C:\PROGRA~2\Google\Update\DISABL~1.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~2.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE

C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~4.EXE

C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE
