Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 26-02-2022 06:56
Static task: static1
Behavioral task: behavioral1
- Sample: b51e81e44593c2c42ae412b692c46be3c6b1e4ac46c951e708618da5919403d3.exe
- Resource: win7-20220223-en
Behavioral task: behavioral2
- Sample: b51e81e44593c2c42ae412b692c46be3c6b1e4ac46c951e708618da5919403d3.exe
- Resource: win10v2004-en-20220113
General
- Target: b51e81e44593c2c42ae412b692c46be3c6b1e4ac46c951e708618da5919403d3.exe
- Size: 1016KB
- MD5: cf04ef7185ddf7d7eb50cdda20987b52
- SHA1: 300e4d06ce151141c8b858c2a752be1fa0d53ad8
- SHA256: b51e81e44593c2c42ae412b692c46be3c6b1e4ac46c951e708618da5919403d3
- SHA512: e596a1ce2a0d24681289f7e84ed24fe70a768bdb160eda5c4c39be3dd061d1cdf0309792aef03c2944e51fc630a3f2f7aa693c1e984aef69762f4bb3d77e98e7
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
File created: C:\Windows\INF\netrasa.PNF (process: svchost.exe)
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies data under HKEY_USERS 1 IoCs
Key created: \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections (process: svchost.exe)
-
Suspicious behavior: LoadsDriver 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
description pid Process Token: SeShutdownPrivilege 5044 svchost.exe Token: SeCreatePagefilePrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe Token: SeLoadDriverPrivilege 5044 svchost.exe
Processes
-
"C:\Users\Admin\AppData\Local\Temp\b51e81e44593c2c42ae412b692c46be3c6b1e4ac46c951e708618da5919403d3.exe"
PID:3944
-
C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc
PID:4852
-
C:\Windows\system32\svchost.exe -k netsvcs -p -s DsmSvc
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:444
-
C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:5044