Malware Analysis Report

2024-10-19 10:25

Sample ID 240909-248tgsvenm
Target d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118
SHA256 032f82ee87063844044f26e9c171170ee56b5e480a26402371018512fb92ff6a
Tags
netwire botnet discovery persistence rat stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

032f82ee87063844044f26e9c171170ee56b5e480a26402371018512fb92ff6a

Threat Level: Known bad

The file d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

netwire botnet discovery persistence rat stealer

NetWire RAT payload

Netwire

Boot or Logon Autostart Execution: Active Setup

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Scheduled Task/Job: Scheduled Task

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: RenamesItself

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-09 23:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-09 23:09

Reported

2024-09-09 23:11

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe"

Signatures

NetWire RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Netwire

botnet stealer netwire

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{51ER3LW3-6YXE-YD6F-5ROI-AF1JX466T30G} C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{51ER3LW3-6YXE-YD6F-5ROI-AF1JX466T30G}\StubPath = "\"C:\\Users\\Admin\\AppData\\Roaming\\Imgburn\\Svchost.exe\"" C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NetWire = "C:\\Users\\Admin\\AppData\\Roaming\\Imgburn\\Svchost.exe" C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3956 set thread context of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 4888 set thread context of 920 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 5064 set thread context of 2288 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2580 set thread context of 4920 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 4100 set thread context of 2652 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 1112 set thread context of 2760 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3120 set thread context of 544 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 4432 set thread context of 3124 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 5072 set thread context of 2668 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 4836 set thread context of 4284 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2280 set thread context of 2668 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 4324 set thread context of 3456 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2976 set thread context of 2052 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2348 set thread context of 3916 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 4704 set thread context of 4524 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3120 set thread context of 2188 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 1916 set thread context of 3624 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3528 set thread context of 4316 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2588 set thread context of 3668 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1984 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1984 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1984 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2532 wrote to memory of 3956 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2532 wrote to memory of 3956 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2532 wrote to memory of 3956 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 3956 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 3956 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 4840 wrote to memory of 1140 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4840 wrote to memory of 1140 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4840 wrote to memory of 1140 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3956 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 3956 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 3956 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 5040 wrote to memory of 4512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 5040 wrote to memory of 4512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 5040 wrote to memory of 4512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3956 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 3956 wrote to memory of 4232 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 3956 wrote to memory of 4232 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 3956 wrote to memory of 4232 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 4232 wrote to memory of 2312 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4232 wrote to memory of 2312 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4232 wrote to memory of 2312 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1604 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 1604 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 1604 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 3956 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 3956 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 3956 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 4888 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Windows\SysWOW64\cmd.exe
PID 4888 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Windows\SysWOW64\cmd.exe
PID 4888 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Windows\SysWOW64\cmd.exe
PID 2840 wrote to memory of 4708 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2840 wrote to memory of 4708 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2840 wrote to memory of 4708 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4864 wrote to memory of 3368 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4864 wrote to memory of 3368 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4864 wrote to memory of 3368 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4888 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Windows\SysWOW64\cmd.exe
PID 4888 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Windows\SysWOW64\cmd.exe
PID 4888 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Windows\SysWOW64\cmd.exe
PID 3024 wrote to memory of 752 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3024 wrote to memory of 752 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3024 wrote to memory of 752 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4888 wrote to memory of 920 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 4888 wrote to memory of 920 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 4888 wrote to memory of 920 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 4888 wrote to memory of 920 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 4888 wrote to memory of 920 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 4888 wrote to memory of 920 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 4888 wrote to memory of 920 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 4888 wrote to memory of 920 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1269108421.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe

"C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1142529880.xml"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1067654801.xml"

C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe

"C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1531423367.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\686020360.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\985688789.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\245759637.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1315955994.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\995182879.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2065379236.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\786806439.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\60891040.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\510645853.xml"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1161686173.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\384067312.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\302269413.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\527062763.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1470848692.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1695642042.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\72788287.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1838637493.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1944111348.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\747336450.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\133817726.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1923006662.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2072924933.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1646846076.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\674864528.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\248785671.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\817859979.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\40409231.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\377599256.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\422211785.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1560360401.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\820263136.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\162299996.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\192730659.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\492567201.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1712681829.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2012518371.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1085149352.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1548917918.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1033614003.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1340541478.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\218809772.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1319436792.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1387389051.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1462432243.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\759856574.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1022171520.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\715412158.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\132324097.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\507035718.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\275319548.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1256458960.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\673370899.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\628926483.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\397210313.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\352765897.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\465162572.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1565789592.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1214585814.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\938257115.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1006209374.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1687680357.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\378676897.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1830675808.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\708944102.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\821340777.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\851771440.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\612964337.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\224238963.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\404587897.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1744190133.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1924539067.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1116657656.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\645966270.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\339206908.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1866080898.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\130830468.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1238548421.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1650781638.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1987971663.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1023249161.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\941283149.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\163832401.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2004556686.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2109862428.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\606496281.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1063173914.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1707291414.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\435641437.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\309231009.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1185064679.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\100854569.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1171050926.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\557532202.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1314046377.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1306955444.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\335142009.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1030794858.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1855093179.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1428846209.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\37876737.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1878601022.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1152685623.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2021596473.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\944309183.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\623536068.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1693732425.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1372959310.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\295672020.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\745426833.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1815623190.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\87295580.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\768934676.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1607246750.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1518357918.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1398870310.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\120297513.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1541865761.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1640248683.xml"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\263292964.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\562961393.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1970515888.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1544268918.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\572455483.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\916736441.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2092406653.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2017531574.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1464874176.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2115914496.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\80827524.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\837341699.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1600778694.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\209809222.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\202718289.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1310604355.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1303513422.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1289499669.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1514293019.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1558905548.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1971138765.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\931373071.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\992234397.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1680796313.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\364701920.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\701891945.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1114125162.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\844887396.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\957284071.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\486592685.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2125863350.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1236015927.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1849702764.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\959855341.xml"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
GB 185.125.205.77:39560 tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 185.125.205.77:39560 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp

Files

memory/1984-0-0x0000000074C52000-0x0000000074C53000-memory.dmp

memory/1984-1-0x0000000074C50000-0x0000000075201000-memory.dmp

memory/1984-2-0x0000000074C50000-0x0000000075201000-memory.dmp

memory/1984-3-0x0000000074C50000-0x0000000075201000-memory.dmp

memory/1984-5-0x0000000074C50000-0x0000000075201000-memory.dmp

memory/3956-7-0x0000000074C50000-0x0000000075201000-memory.dmp

memory/3956-8-0x0000000074C50000-0x0000000075201000-memory.dmp

memory/3956-6-0x0000000074C50000-0x0000000075201000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1269108421.xml

MD5 590598edb08b7ae0cb746ebc98155bc1
SHA1 cdd19aca2a8ca87635fcd5762d5c06ca1d5883e7
SHA256 43900d5b5849ac1e55ceef5b802c55d4e09d28e05e8a272b1b777e1d9016db8b
SHA512 fe45f3da88c72acbba3bba0cf0051d971f15f1799dec45e55a2d6e4611ed42fb5c6a8c072293e3fb7fa77630d3579eee00ae97d76f72a433f6c5433c52e4f482

C:\Users\Admin\AppData\Roaming\javaupdates.exe

MD5 d73e7f87a3a95e0f16337c29a6546efa
SHA1 753398b57ac5a470d4c2573e1b51cb3ed783e834
SHA256 032f82ee87063844044f26e9c171170ee56b5e480a26402371018512fb92ff6a
SHA512 e966fcfc3fb032e6b602f5bfcbc5842a9c88a8427096f9902e2ec12d08f30c851104c10f10824b084a1e18cf6e9e44114d5f3fd1f688a3d8db6e805976ed4b25

memory/1604-12-0x0000000000400000-0x000000000042C000-memory.dmp

memory/1604-19-0x0000000000400000-0x000000000042C000-memory.dmp

memory/1604-17-0x0000000000400000-0x000000000042C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Java Update.txt

MD5 3ae5e88e8e85f7038b2cd05cd5be03cf
SHA1 84e007c3af56af18a8f88f760603062028fece4f
SHA256 4cb9c982d02b166b37f737ab6bf4bc7b1711b904b0c9ce521cf3e4f1bf24e4e3
SHA512 713c2f625a9dd75118cf1bd95fb3b281e641210211cde410fc73e47f458ce97d15aa620236cf0191565a1f0633ff3006eb90785d885377b38e1d2decc1425bb7

memory/920-30-0x0000000000400000-0x000000000042C000-memory.dmp

memory/3956-36-0x0000000074C50000-0x0000000075201000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\javaupdates.exe.log

MD5 cde6529abeea500fb852f29ba0da6115
SHA1 45f2f48492417ae6a0eade8aaa808d3d1d760743
SHA256 d7f4964443470b6729865676d76f5f1f416da633033071c34ea5eb19cdea53b5
SHA512 c95fa7faf6a90f32060dba70f79c4d66c68d6eec587306fb98f36fc3ba5d377ebf9dabf47298b71db208fb10f7ccb4e0ed82236c8f26bcc746552588bbb38234

C:\Users\Admin\AppData\Local\Temp\Java Update.txt

MD5 92d0ed3251a0d0b9b94b8f97715eb09c
SHA1 044d545fcf52a6ab3c1f24181ab522001f7212c6
SHA256 f2cf740eab3ad1e2c4c2f62f3b0d91c152f51990b9c4ae040d318d7b8c8cc386
SHA512 4bb0e6a8f8df2c8ba1becf455355a8003d9eee4439524db701ed32b7735a4739f606d7e18e424ee99b260a39aa25de1cc5a6997a06fa2b9237a4d5d3c94a2716

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-09 23:09

Reported

2024-09-09 23:11

Platform

win7-20240903-en

Max time kernel

150s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe"

Signatures

NetWire RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Netwire

botnet stealer netwire

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{51ER3LW3-6YXE-YD6F-5ROI-AF1JX466T30G} C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{51ER3LW3-6YXE-YD6F-5ROI-AF1JX466T30G}\StubPath = "\"C:\\Users\\Admin\\AppData\\Roaming\\Imgburn\\Svchost.exe\"" C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\NetWire = "C:\\Users\\Admin\\AppData\\Roaming\\Imgburn\\Svchost.exe" C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2380 set thread context of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2992 set thread context of 1840 N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 2660 set thread context of 1152 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 988 set thread context of 2244 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 1132 set thread context of 1636 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2148 set thread context of 1476 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2360 set thread context of 1856 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 336 set thread context of 2204 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2128 set thread context of 2728 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2844 set thread context of 2704 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2888 set thread context of 2176 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2160 set thread context of 2696 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 476 set thread context of 2404 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 1056 set thread context of 2560 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 1812 set thread context of 1772 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 336 set thread context of 2240 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 1996 set thread context of 892 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2724 set thread context of 2844 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2500 set thread context of 2224 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2324 set thread context of 2912 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1728 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1728 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1728 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1728 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2300 wrote to memory of 2380 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2300 wrote to memory of 2380 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2300 wrote to memory of 2380 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2300 wrote to memory of 2380 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2300 wrote to memory of 2380 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2300 wrote to memory of 2380 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2300 wrote to memory of 2380 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 1972 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1972 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1972 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1972 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1972 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1972 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1972 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2380 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2980 wrote to memory of 768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2980 wrote to memory of 768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2980 wrote to memory of 768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2980 wrote to memory of 768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2980 wrote to memory of 768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2980 wrote to memory of 768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2980 wrote to memory of 768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2380 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\javaupdates.exe
PID 2256 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 2256 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 2256 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 2256 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 2256 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 2256 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 2256 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe
PID 2380 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe
PID 2380 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Roaming\javaupdates.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d73e7f87a3a95e0f16337c29a6546efa_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1469272742.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe

"C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\916447231.xml"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1679884226.xml"

C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe

"C:\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1672793293.xml"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\295837574.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\246201043.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\503323874.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1147273261.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\805059234.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\678480693.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1062182065.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\404050812.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\921421658.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\705786172.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\452629090.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1613949323.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2131320169.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\248050286.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1662527601.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\212595621.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\324992296.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1612891070.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1652311484.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\22198683.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1183518916.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\323934043.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2091682067.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2002625122.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1323221070.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1435617745.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\763304626.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1992409005.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1671467777.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1523616437.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1202675209.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1054823869.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\314726604.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\473634626.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1005187338.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\871517864.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\536394770.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\754097187.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1444557921.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2081416375.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\975765353.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\842095879.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\813732147.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\155600894.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1143831239.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\105964363.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1700622499.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2136027333.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1231829931.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\896706837.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1533565291.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2111629350.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\76542378.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\294244795.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\378277738.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1972935874.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\515912961.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2110571097.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1424076112.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\871250601.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\655615115.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2144967509.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\753829924.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1324803050.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1661993075.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\856010482.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1193200507.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\738589805.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\724407939.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1534356281.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\876225028.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2051727127.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1177960388.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1582934559.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2086123539.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1114141991.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\846803043.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2022305142.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1642569519.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1754966194.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\782984646.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\515645698.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2042519688.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\398225021.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\451827301.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1306388172.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2130518380.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1563511003.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\298951959.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1661725812.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1626271147.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\422405316.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\386950651.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1330568467.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1295113802.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\442619862.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1903608524.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1245477271.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1702154904.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1547212631.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1233362336.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\307892135.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2141525487.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1567427177.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1672732919.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\215710006.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1098634609.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\433412423.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2006797760.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1341575574.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\767477264.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\102255078.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1675640415.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1010418229.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\555807527.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\249048165.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\892997552.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1576367353.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1449788812.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1878102713.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1332368135.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\287410326.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\93047639.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\895905048.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\589145686.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\230682862.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\120353118.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\113262185.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\677144378.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1021425336.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\208351810.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1929588487.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2126018105.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\697358924.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1041639882.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\647722393.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1949803033.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\530301716.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1481010465.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1438464867.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\241689969.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2046959589.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1037456445.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1149853120.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\568663877.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\681060552.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\99871309.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1940595594.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1008034460.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\2078230817.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1316860753.xml"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Users\Admin\AppData\Roaming\javaupdates.exe

"C:\Users\Admin\AppData\Roaming\javaupdates.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\1497041574.xml"

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /TN "Update\Java Update" /F

C:\Windows\SysWOW64\cmd.exe

"cmd"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Update\Java Update" /XML "C:\Users\Admin\AppData\Local\Temp\838910321.xml"

Network

Country Destination Domain Proto
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp
GB 185.125.205.77:39560 tcp

Files

memory/1728-0-0x0000000074F91000-0x0000000074F92000-memory.dmp

memory/1728-1-0x0000000074F90000-0x000000007553B000-memory.dmp

memory/1728-2-0x0000000074F90000-0x000000007553B000-memory.dmp

memory/1728-3-0x0000000074F90000-0x000000007553B000-memory.dmp

memory/2380-4-0x0000000074F90000-0x000000007553B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1469272742.xml

MD5 14bfb8a0f2c6380a505dd415a09eddcd
SHA1 0fe22eeba5775d08c1011f22f0f2e160a1b99ca2
SHA256 4c00c0f5f85f39e56adbee0bc65c0c58ae5139c06a3a91f62787a2e6c90a71ec
SHA512 0b980a85ff9133562afdca750f483418f05fedf37629fc345ac8ea03737eb3ff3fffb50ecb8a63a569e41cb0965f9e77132b1320a6ed038298d4162aa2a1006c

memory/2256-8-0x0000000000400000-0x000000000042C000-memory.dmp

memory/2256-10-0x0000000000400000-0x000000000042C000-memory.dmp

memory/2256-12-0x0000000000400000-0x000000000042C000-memory.dmp

\Users\Admin\AppData\Roaming\Imgburn\Svchost.exe

MD5 d73e7f87a3a95e0f16337c29a6546efa
SHA1 753398b57ac5a470d4c2573e1b51cb3ed783e834
SHA256 032f82ee87063844044f26e9c171170ee56b5e480a26402371018512fb92ff6a
SHA512 e966fcfc3fb032e6b602f5bfcbc5842a9c88a8427096f9902e2ec12d08f30c851104c10f10824b084a1e18cf6e9e44114d5f3fd1f688a3d8db6e805976ed4b25

memory/2256-14-0x0000000000400000-0x000000000042C000-memory.dmp

memory/2256-18-0x0000000000400000-0x000000000042C000-memory.dmp

memory/2256-16-0x0000000000400000-0x000000000042C000-memory.dmp

memory/2256-25-0x0000000000400000-0x000000000042C000-memory.dmp

memory/2256-23-0x0000000000400000-0x000000000042C000-memory.dmp

memory/2256-21-0x0000000000400000-0x000000000042C000-memory.dmp

memory/2256-20-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2380-44-0x0000000074F90000-0x000000007553B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Java Update.txt

MD5 3ae5e88e8e85f7038b2cd05cd5be03cf
SHA1 84e007c3af56af18a8f88f760603062028fece4f
SHA256 4cb9c982d02b166b37f737ab6bf4bc7b1711b904b0c9ce521cf3e4f1bf24e4e3
SHA512 713c2f625a9dd75118cf1bd95fb3b281e641210211cde410fc73e47f458ce97d15aa620236cf0191565a1f0633ff3006eb90785d885377b38e1d2decc1425bb7

C:\Users\Admin\AppData\Local\Temp\Java Update.txt

MD5 92d0ed3251a0d0b9b94b8f97715eb09c
SHA1 044d545fcf52a6ab3c1f24181ab522001f7212c6
SHA256 f2cf740eab3ad1e2c4c2f62f3b0d91c152f51990b9c4ae040d318d7b8c8cc386
SHA512 4bb0e6a8f8df2c8ba1becf455355a8003d9eee4439524db701ed32b7735a4739f606d7e18e424ee99b260a39aa25de1cc5a6997a06fa2b9237a4d5d3c94a2716

memory/1840-72-0x0000000000400000-0x000000000042C000-memory.dmp

memory/1840-71-0x0000000000400000-0x000000000042C000-memory.dmp

memory/1840-63-0x000000007EFDE000-0x000000007EFDF000-memory.dmp