95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7

Analysis

max time kernel
150s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe
Size

44KB
MD5

a24ae30e0ad61661ab48591a077ca590
SHA1

a97b8e9a022a468fe42ea94304b4a18ddef1622b
SHA256

95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7
SHA512

cad284e869b527611c625a4b89f715bab2532efe5eac8899770802e266acad8ada99b3422c5edab5bd1fbc09a191d1d96a11d350a64ff0fa35da3e0a20d5aaa3
SSDEEP

768:z4h7HdjVfinrw86jZDim0BAaWkkjUI3gZuqfrBuis:zOdjxinp6ViHnkjTaJBXs

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 1188	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	27
PID 1416 wrote to memory of 1188	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	27
PID 1416 wrote to memory of 1188	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	27
PID 1416 wrote to memory of 1188	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	27
PID 1416 wrote to memory of 1188	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	27
PID 1416 wrote to memory of 1180	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	28
PID 1416 wrote to memory of 1180	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	28
PID 1416 wrote to memory of 1180	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	28
PID 1416 wrote to memory of 1180	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	28
PID 1416 wrote to memory of 1180	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	28
PID 1416 wrote to memory of 2020	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	29
PID 1416 wrote to memory of 2020	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	29
PID 1416 wrote to memory of 2020	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	29
PID 1416 wrote to memory of 2020	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	29
PID 1416 wrote to memory of 2020	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	29
PID 1416 wrote to memory of 2044	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	30
PID 1416 wrote to memory of 2044	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	30
PID 1416 wrote to memory of 2044	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	30
PID 1416 wrote to memory of 2044	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	30
PID 1416 wrote to memory of 2044	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	30
PID 1416 wrote to memory of 2036	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	31
PID 1416 wrote to memory of 2036	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	31
PID 1416 wrote to memory of 2036	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	31
PID 1416 wrote to memory of 2036	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	31
PID 1416 wrote to memory of 2036	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	31
PID 1416 wrote to memory of 1912	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	32
PID 1416 wrote to memory of 1912	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	32
PID 1416 wrote to memory of 1912	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	32
PID 1416 wrote to memory of 1912	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	32
PID 1416 wrote to memory of 1912	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	32
PID 1416 wrote to memory of 112	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	33
PID 1416 wrote to memory of 112	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	33
PID 1416 wrote to memory of 112	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	33
PID 1416 wrote to memory of 112	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	33
PID 1416 wrote to memory of 112	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	33
PID 1416 wrote to memory of 1464	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	34
PID 1416 wrote to memory of 1464	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	34
PID 1416 wrote to memory of 1464	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	34
PID 1416 wrote to memory of 1464	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	34
PID 1416 wrote to memory of 1464	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	34
PID 1416 wrote to memory of 1892	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	35
PID 1416 wrote to memory of 1892	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	35
PID 1416 wrote to memory of 1892	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	35
PID 1416 wrote to memory of 1892	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	35
PID 1416 wrote to memory of 1892	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	35
PID 1416 wrote to memory of 1228	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	36
PID 1416 wrote to memory of 1228	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	36
PID 1416 wrote to memory of 1228	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	36
PID 1416 wrote to memory of 1228	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	36
PID 1416 wrote to memory of 1228	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	36
PID 1416 wrote to memory of 880	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	37
PID 1416 wrote to memory of 880	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	37
PID 1416 wrote to memory of 880	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	37
PID 1416 wrote to memory of 880	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	37
PID 1416 wrote to memory of 880	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	37
PID 1416 wrote to memory of 1240	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	38
PID 1416 wrote to memory of 1240	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	38
PID 1416 wrote to memory of 1240	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	38
PID 1416 wrote to memory of 1240	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	38
PID 1416 wrote to memory of 1240	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	38
PID 1416 wrote to memory of 1072	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	39
PID 1416 wrote to memory of 1072	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	39
PID 1416 wrote to memory of 1072	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	39
PID 1416 wrote to memory of 1072	1416	95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe	39

C:\Users\Admin\AppData\Local\Temp\95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe
"C:\Users\Admin\AppData\Local\Temp\95cb0cb7c3ddc5edf27c5ab3a8f1b7e4d9f1f3568814adea6bc9c41341db33a7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1188
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1180
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2020
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2044
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2036
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1912
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:112
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1464
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1892
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1228
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:880
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1240
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1072
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:584
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:684
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:668
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:632
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1684
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:520
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1896
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2040
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1776
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1828
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2004
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1524
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:824
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1688
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1680
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1540
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1532
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:324
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:624
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:856
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1668
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:692
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:552
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:832
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1204
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2012
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1516
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:776
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1808
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1924
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1480
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1920
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1968
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1472
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1972
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1784
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1696
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1640
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1836
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1652
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1120
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1000
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:828
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:996
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1660
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1584
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:804
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1996
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1632
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1844
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:604
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1548
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:536
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1752
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1744
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:952
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1764
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2024
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:892
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1316
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1604
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1596
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1820
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1568
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1932
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1232
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:888
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1512
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1900
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1032
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:432
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1068
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1736
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1644
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2056
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2064
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2072
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2080
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2088
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2096

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads