bd1c01975c2fe3bdea8b2c7de53ccdc12a5fccaae00cbf2ad202a3bf7b905271

Analysis

max time kernel
81s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Trojan-Ransom.Win32.Blocker.exe
Size

213KB
MD5

8f87064ff0fa9537bf730c31fc6e5812
SHA1

db42bab1e2520059b1dd5a4fcb506a9b8879d476
SHA256

bd1c01975c2fe3bdea8b2c7de53ccdc12a5fccaae00cbf2ad202a3bf7b905271
SHA512

dc7320c2ab6b55e42bca10f7c033564bcbad78661a217161371c674f5ea0a6229e49e9a8e23802cddb4fc5f752a7d20d25b7cb5095164d686e3cdeb6c544739b
SSDEEP

6144:NfM8H/CEYmoa4VQhnx9KB4uU4sLL3gHovIMToSe:/RYxaGQo4uU4sLL3gLMToSe

Score

10^/10

evasion spyware stealer trojan upx

Malware Config

Signatures

UAC bypass 3 TTPs 13 IoCs

evasion trojan

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	Trojan-Ransom.Win32.Blocker.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1472-55-0x0000000000400000-0x00000000004AB000-memory.dmp	upx
behavioral1/memory/1472-73-0x0000000000400000-0x00000000004AB000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Checks whether UAC is enabled 1 TTPs 8 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Trojan-Ransom.Win32.Blocker.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	Trojan-Ransom.Win32.Blocker.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Runs ping.exe 1 TTPs 64 IoCs

Remote System Discovery

T1018

pid	Process
1340	Process not Found
1556	Process not Found
1412	Process not Found
1592	Process not Found
1728	Process not Found
1600	Process not Found
1520	Process not Found
1280	PING.EXE
848	PING.EXE
1956	PING.EXE
1596	Process not Found
1484	Process not Found
1128	Process not Found
1728	Process not Found
608	PING.EXE
1600	PING.EXE
1172	Process not Found
1800	Process not Found
1192	PING.EXE
1808	Process not Found
2024	Process not Found
812	Process not Found
912	Process not Found
1628	Process not Found
816	Process not Found
1464	Process not Found
1836	Process not Found
844	Process not Found
688	Process not Found
1624	Process not Found
1060	PING.EXE
1568	PING.EXE
1296	Process not Found
1280	Process not Found
452	Process not Found
1764	PING.EXE
1804	PING.EXE
1608	PING.EXE
1940	Process not Found
816	Process not Found
1808	Process not Found
1436	Process not Found
920	Process not Found
900	Process not Found
1696	Process not Found
1200	Process not Found
2024	Process not Found
904	PING.EXE
1604	Process not Found
1696	Process not Found
1548	Process not Found
1608	Process not Found
900	Process not Found
468	Process not Found
896	Process not Found
920	PING.EXE
1604	Process not Found
1940	Process not Found
1632	Process not Found
452	PING.EXE
608	Process not Found
1836	Process not Found
600	Process not Found
556	Process not Found

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
700	WScript.exe
1124	WScript.exe
2012	WScript.exe
1196	WScript.exe
1164	WScript.exe
1048	WScript.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 1124	1472	Trojan-Ransom.Win32.Blocker.exe	29
PID 1472 wrote to memory of 1124	1472	Trojan-Ransom.Win32.Blocker.exe	29
PID 1472 wrote to memory of 1124	1472	Trojan-Ransom.Win32.Blocker.exe	29
PID 1472 wrote to memory of 1124	1472	Trojan-Ransom.Win32.Blocker.exe	29
PID 1472 wrote to memory of 1196	1472	Trojan-Ransom.Win32.Blocker.exe	27
PID 1472 wrote to memory of 1196	1472	Trojan-Ransom.Win32.Blocker.exe	27
PID 1472 wrote to memory of 1196	1472	Trojan-Ransom.Win32.Blocker.exe	27
PID 1472 wrote to memory of 1196	1472	Trojan-Ransom.Win32.Blocker.exe	27
PID 1472 wrote to memory of 1164	1472	Trojan-Ransom.Win32.Blocker.exe	28
PID 1472 wrote to memory of 1164	1472	Trojan-Ransom.Win32.Blocker.exe	28
PID 1472 wrote to memory of 1164	1472	Trojan-Ransom.Win32.Blocker.exe	28
PID 1472 wrote to memory of 1164	1472	Trojan-Ransom.Win32.Blocker.exe	28
PID 1472 wrote to memory of 700	1472	Trojan-Ransom.Win32.Blocker.exe	30
PID 1472 wrote to memory of 700	1472	Trojan-Ransom.Win32.Blocker.exe	30
PID 1472 wrote to memory of 700	1472	Trojan-Ransom.Win32.Blocker.exe	30
PID 1472 wrote to memory of 700	1472	Trojan-Ransom.Win32.Blocker.exe	30
PID 1472 wrote to memory of 1048	1472	Trojan-Ransom.Win32.Blocker.exe	31
PID 1472 wrote to memory of 1048	1472	Trojan-Ransom.Win32.Blocker.exe	31
PID 1472 wrote to memory of 1048	1472	Trojan-Ransom.Win32.Blocker.exe	31
PID 1472 wrote to memory of 1048	1472	Trojan-Ransom.Win32.Blocker.exe	31
PID 1472 wrote to memory of 2012	1472	Trojan-Ransom.Win32.Blocker.exe	32
PID 1472 wrote to memory of 2012	1472	Trojan-Ransom.Win32.Blocker.exe	32
PID 1472 wrote to memory of 2012	1472	Trojan-Ransom.Win32.Blocker.exe	32
PID 1472 wrote to memory of 2012	1472	Trojan-Ransom.Win32.Blocker.exe	32
PID 1124 wrote to memory of 452	1124	WScript.exe	34
PID 1124 wrote to memory of 452	1124	WScript.exe	34
PID 1124 wrote to memory of 452	1124	WScript.exe	34
PID 1124 wrote to memory of 452	1124	WScript.exe	34
PID 1048 wrote to memory of 1668	1048	WScript.exe	36
PID 1048 wrote to memory of 1668	1048	WScript.exe	36
PID 1048 wrote to memory of 1668	1048	WScript.exe	36
PID 1048 wrote to memory of 1668	1048	WScript.exe	36
PID 2012 wrote to memory of 600	2012	WScript.exe	59
PID 2012 wrote to memory of 600	2012	WScript.exe	59
PID 2012 wrote to memory of 600	2012	WScript.exe	59
PID 2012 wrote to memory of 600	2012	WScript.exe	59
PID 1164 wrote to memory of 1296	1164	WScript.exe	35
PID 1164 wrote to memory of 1296	1164	WScript.exe	35
PID 1164 wrote to memory of 1296	1164	WScript.exe	35
PID 1164 wrote to memory of 1296	1164	WScript.exe	35
PID 1196 wrote to memory of 1632	1196	WScript.exe	39
PID 1196 wrote to memory of 1632	1196	WScript.exe	39
PID 1196 wrote to memory of 1632	1196	WScript.exe	39
PID 1196 wrote to memory of 1632	1196	WScript.exe	39
PID 700 wrote to memory of 1108	700	WScript.exe	62
PID 700 wrote to memory of 1108	700	WScript.exe	62
PID 700 wrote to memory of 1108	700	WScript.exe	62
PID 700 wrote to memory of 1108	700	WScript.exe	62
PID 1164 wrote to memory of 904	1164	WScript.exe	47
PID 1164 wrote to memory of 904	1164	WScript.exe	47
PID 1164 wrote to memory of 904	1164	WScript.exe	47
PID 1164 wrote to memory of 904	1164	WScript.exe	47
PID 1196 wrote to memory of 556	1196	WScript.exe	46
PID 1196 wrote to memory of 556	1196	WScript.exe	46
PID 1196 wrote to memory of 556	1196	WScript.exe	46
PID 1196 wrote to memory of 556	1196	WScript.exe	46
PID 2012 wrote to memory of 1520	2012	WScript.exe	66
PID 2012 wrote to memory of 1520	2012	WScript.exe	66
PID 2012 wrote to memory of 1520	2012	WScript.exe	66
PID 2012 wrote to memory of 1520	2012	WScript.exe	66
PID 1124 wrote to memory of 1988	1124	WScript.exe	50
PID 1124 wrote to memory of 1988	1124	WScript.exe	50
PID 1124 wrote to memory of 1988	1124	WScript.exe	50
PID 1124 wrote to memory of 1988	1124	WScript.exe	50

System policy modification 1 TTPs 19 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	Trojan-Ransom.Win32.Blocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	WScript.exe

C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Blocker.exe
"C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Blocker.exe"
1⤵
- UAC bypass
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- System policy modification
PID:1472
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\appdata\Roaming\WinNTService.vbs"
  2⤵
  - UAC bypass
  - Checks whether UAC is enabled
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:1196
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1116
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2044
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:840
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:848
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1948
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1948
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:912
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1928
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1928
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\appdata\Roaming\WinNTService.vbs"
  2⤵
  - UAC bypass
  - Checks whether UAC is enabled
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:1164
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1116
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2044
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2044
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:848
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:848
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:852
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:848
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1968
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:848
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1948
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:840
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:912
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:852
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:812
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1484
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\appdata\Roaming\WinNTService.vbs"
  2⤵
  - UAC bypass
  - Checks whether UAC is enabled
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:1124
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:848
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1948
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1948
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1984
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1968
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1984
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:840
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1968
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2044
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:840
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:912
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1928
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:812
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\appdata\Roaming\WinNTService.vbs"
  2⤵
  - UAC bypass
  - Checks whether UAC is enabled
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1116
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1984
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:852
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1984
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1968
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:852
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1020
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:852
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:812
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1948
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\appdata\Roaming\WinNTService.vbs"
  2⤵
  - UAC bypass
  - Checks whether UAC is enabled
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:1048
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1116
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1968
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2044
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2044
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1984
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:852
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:848
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1948
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:840
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:904
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:912
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:812
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:912
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:852
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\appdata\Roaming\WinNTService.vbs"
  2⤵
  - UAC bypass
  - Checks whether UAC is enabled
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:2012
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2044
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:732
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2044
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:852
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:852
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:852
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1948
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:840
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1984
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1984
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1192
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:840
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1956
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1668
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:660
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:992
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1108
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:556
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:468
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:840
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:840
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    - Runs ping.exe
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:852
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:920
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:2016
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:760
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:452
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1768
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1020
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:940
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:912
- - C:\Windows\SysWOW64\PING.EXE
    "C:\Windows\System32\PING.EXE" -n 1 update.hotdogsystem.com
    3⤵
    PID:1632

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-344843129-260869622-10907202792005558491-2064752614149854509-9583405001405144056"
1⤵
PID:1108

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "509234982587103322-497115165-589898820-1779839218-1387934043-3866174441307301817"
1⤵
PID:1956

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "302247286625870522-31005239689015417217068108345965110201386165384-1330591742"
1⤵
PID:452

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1593581829-807804348-1898806966-157499088411521283411115203375-241633789979014712"
1⤵
PID:2016

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1900215552782924983-36990701452660011928132167408294897-1769983171943207610"
1⤵
PID:1060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1494341763-1835372284635480982321070282-6344893031073655760-668861797-1388116946"
1⤵
PID:1764

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1837086504-1848642842-8243365822602079741587899360-482135692-13527173411345881977"
1⤵
PID:1592

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1647638991-16424967261359689479-140384711093840301811767628003416051121215287187"
1⤵
PID:940

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "821622167-1010872434-3651586375155891-975114168-1083315932-1136730750633988370"
1⤵
PID:608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "681975692-134421091541094546612643537192058538061-87662091120299903231929706399"
1⤵
PID:1192

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18273563621011487025-613705793-1675859491-1058220197316066521-1414705533764101412"
1⤵
PID:1568

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1701915278-1110444738-207363165713926154238794609815978465731164210515-2010904157"
1⤵
PID:556

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-86161541-558835076-1870793081-1121045140-408292299361220197-631049018-517746835"
1⤵
PID:1988

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-99232997-2904339655601292471661555581189567423316790744377636396061143909929"
1⤵
PID:1956

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11391442306363825841217930229-323935220-1676486849893812225-21065999461582040035"
1⤵
PID:1252

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-972113688938453157-15718605-2109017868-2103386633-21091401041237407508-1806497702"
1⤵
PID:2044

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-908591807-38369585114229977448792635381789044991664230299-18037241251750791038"
1⤵
PID:1108

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16853729921243843333172734001948149186-8852948102138637938-838832677-373392223"
1⤵
PID:1340

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1513936483322931203-1730160637-12155661391724995225-1508072855389476036269937723"
1⤵
PID:1668

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1365389182-1190446422-1719469219-800585248-21435083741415217856-19712671551424441126"
1⤵
PID:468

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5355824401819054211-105219310671492717-750866245-300035661-1859175345-425782711"
1⤵
PID:556

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1757945890-201164556416874246562077257164-1475568413-297601034-7356399452007360628"
1⤵
PID:1116

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12563002221584921315-1540320604-1904864080-591316888-3558892589368862841072130460"
1⤵
PID:1564

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "5339992832073400570-2778422101296015288-587750040723608892626698345560152863"
1⤵
PID:1120

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1200772213662302584-12644099751831871883-1806155264-71010534-1684164954-1668199137"
1⤵
PID:1800

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-271581472-123073892012810080939211711371712294981557910929-1180008617-1905802373"
1⤵
PID:992

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1942210410-211888153-5891422721052052967-4459247631861937068756505092491479572"
1⤵
PID:468

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-731413389-121179937817881119199937557931729669609685018504-20791584741380304146"
1⤵
PID:920

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-31599983723804624-7754355182007091464-929868409-468540674-16158172352083319055"
1⤵
PID:1340

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10407388657534772361930400111-109454358-2002940368-305443057396771009986300213"
1⤵
PID:600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1322969798-13298090981909509000266619299-903801988-117559027875534728198587143"
1⤵
PID:1060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1573480381897017527-12844250914489568471835501196618234509117168063347001468"
1⤵
PID:1280

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1870960155-576345410-54814061118118040422127247168509255410-1254938596-512042636"
1⤵
PID:1768

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2069860849-392247586-242418887-769085179799370930-952355744-12768713181484138896"
1⤵
PID:1596

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1441762821886213085-2126230962731180760-677155808-1501583476159655261356050810"
1⤵
PID:1764

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2766101562038705440-921204227-1282767656696081365-8867835016610846191240615135"
1⤵
PID:1600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "803376099-468847284-762328373-19227776111232517679700925892-637362415-38574676"
1⤵
PID:600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19509916991009752013-1862319964-985984062-107757630743101087-19160894231954876775"
1⤵
PID:1764

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "531753080448427260150338926756466764-843568150-253126473-1056200865942333607"
1⤵
PID:1700

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-798131917-7140794423000330541719831003-1684401465-1655116161575607280215673618"
1⤵
PID:556

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-652716491252184640-97958150651636840-1480707735-1540147786-11411130401368318399"
1⤵
PID:1700

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7646184781106191890-1554944740815484241-391246772-635524226-1737270431-889363616"
1⤵
PID:1932

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "205089269062572997-16174578171084472903-210866088-1992644220-2019501111-386809605"
1⤵
PID:1800

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "20566272431820499869886749494376162547-1876934744469032652-577047063-647951006"
1⤵
PID:2016

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2825375212225652031435820654-1157464267-2043267398-325016561390558089917770628"
1⤵
PID:1956

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2019110572952926554159024915385934079-2065890810-7256390124568264641469348293"
1⤵
PID:920

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "523718997-1601946491386020920336414241234332607166903158120998428751495556080"
1⤵
PID:992

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1372006290-1111158048456395276-873789289159280151-2736149621820392637-1529646148"
1⤵
PID:1608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1830544758179232382-9602695261597683718817366759-118865199-1452676192-639659919"
1⤵
PID:1788

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1645421190922091852-2054506879499310510-1194136703-873683121-428954572-664788658"
1⤵
PID:1108

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "253279618-613323591171920664-1114485451-1747144721-1305141990-1747089378-1343482777"
1⤵
PID:1700

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1102684246708666051-998850546454541026441137305492504355-1296401940-428146507"
1⤵
PID:904

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2129115077-2044255735-1522214853710679674-66227272682442395358257236654987026"
1⤵
PID:1632

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "10360945889779339679320005451171361716-2119979559-1342132912-725080372-591967216"
1⤵
PID:1280

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "807669608-10153053131710496737-675063178-1707563619-99681404-548883687-2106619623"
1⤵
PID:1564

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "17299344221140546049-1167862648-90283245150005465910056876322036813736-177981972"
1⤵
PID:1764

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1598217679-806176475-537632146211807128345132580965707851456556859-1498250815"
1⤵
PID:1788

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "140484745568212297-574997544210879062015229407041455985188-406106218-227490891"
1⤵
PID:608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "921901279794578586-2043725931232177282-1107802982-530366780379357867-741555099"
1⤵
PID:1520

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "686810229-163295924232225276-341310078-728257696-2110831653-225991409139801426"
1⤵
PID:1600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1880706287-1036152118-20172607-75540989-955993637-10208097231629824561-228758156"
1⤵
PID:1800

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1878955219-1011217774847023102-187976198413557226821637077827-19700182961497862544"
1⤵
PID:1632

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "16376437385856420539014825301189865319182990331612017916971490608808-401433961"
1⤵
PID:2044

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1361725901-167098558215734710882012972555-12973598351770340720-835302118-394600997"
1⤵
PID:1604

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "963763359-858297513-1000139542-166717931716737702444288116881346833337-595073660"
1⤵
PID:904

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "315105460-4045162124766359901114888349-701922623149703924-1231318864-1173194663"
1⤵
PID:452

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "729152470-1670460240-1326945034166251860917272381281697395899235001841-1351200179"
1⤵
PID:1592

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "10952123332045331473-6811536221803014267-156623911899077031812854584921775658378"
1⤵
PID:1800

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-898246276-885755268358333109-124518473-268130294565472114-1672710830-458806061"
1⤵
PID:920

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13154603-1829018450-61702989-1519248498-10551963572026311769-1957827207-1163882811"
1⤵
PID:1252

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1847063695-966826061-1354807780-4344086651584891940644849952-1642773676241316232"
1⤵
PID:556

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-379026615-885656438-25399471793476524-192905188587758754117042277012074631575"
1⤵
PID:992

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-955234273186640911718005568732121326033-606604241686138861-16442288201472366635"
1⤵
PID:1604

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14589205821925507560-1264437335201746235-1522259411-2054616582142197067953713589"
1⤵
PID:1768

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "20601531151324484691-1539572705144902953511735951728718894-1812360609-559249299"
1⤵
PID:1608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "252287492-20651417101542353568508093509-11515318141765281595-85732711140110490"
1⤵
PID:1564

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "496705308-93319466-1724495643-1751562016-16781571621437055808-1132441516-1460149613"
1⤵
PID:1436

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-51330070132620428-7560914141610377701-9883531611864433568-9119612521274388998"
1⤵
PID:1800

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-483877743521558194-543603755-54334750-4825530941396966230442871033-1525994266"
1⤵
PID:1836

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-880062046-1741049615-43714899656257192820129379051835392943-2083505994-1565563193"
1⤵
PID:1700

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1296997168-65384452920606398-1858345189-535706071601833780923717440-1901515216"
1⤵
PID:556

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "800146802909123168-1123191585695917088-1355340422367686443203240268242913809"
1⤵
PID:1120

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "947176778-18821969049975594311925282792-630455380-26720943-5796454531552349341"
1⤵
PID:600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-531416402385204894-898070917-2109691581638185134-1651445546-371624130-422464963"
1⤵
PID:1280

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3296981751976404301334671464-11510368669378718882066067970-2113876808-917844074"
1⤵
PID:1604

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19976661398326208963442751515789515-15123072701703220273945800470-1597244108"
1⤵
PID:1296

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-618433555-1265843505-974177217-1337784659-21293306271185739202-1042003605-1064076804"
1⤵
PID:992

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-11012523161002215856-927517166-1177172429347023574-1566650919-269609987-1049645043"
1⤵
PID:2016

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2035248212225965711671582488180973198-1350592029-523085222985856372677095592"
1⤵
PID:1836

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-114064636-1144562971-1980337247-1303081595-13263468127457032672211401951633718337"
1⤵
PID:920

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1197024710-1889146044161078182099060230913262550101032556470866253110-71133622"
1⤵
PID:1060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1562388697123201860564351610884436208190051455-1859174026-1946542538614095869"
1⤵
PID:1988

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "259776648-1930124498-1364203872-1378415676-2057456994-985285971-333450115-1011931369"
1⤵
PID:1520

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1995399984-9513762069070650661604661144-1813190767-911981576236886115-1342523918"
1⤵
PID:1436

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-211743086-1205421558906113632136119551656285621-1856944033-38934654663842912"
1⤵
PID:1604

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1787900601-741672040-52139273-214198498017132761932364901861161100227-1570919933"
1⤵
PID:904

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1191830306134092155812089957531959760642396308609-1354662298-1863830364-1279037087"
1⤵
PID:1956

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-159799712120368046031328756953273042640-1988014211-439550018-7181016042135849633"
1⤵
PID:452

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12461399622094467848-2121396456-440694401137296040-1596003943-1608400960-47062746"
1⤵
PID:1060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11508138547523765531999155522082339008-6206358672083404134-673979960-1839546469"
1⤵
PID:732

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "664610696857299781435106171-677752411997880479-15004158681145161532543042327"
1⤵
PID:1764

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1186393132-496412049-1363746719-1598466169116143006620162628132016721393-1089563393"
1⤵
PID:904

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12358508532040745644-1441722190-117557743-1206052499-2112920970-1365993002-708593802"
1⤵
PID:1984

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-33358398141598537515576482191122773088204167766593745079120792755601182904730"
1⤵
PID:1800

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "40541371621018822972011633932-547955694396698191-927792713959008551470403866"
1⤵
PID:1340

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "466253830-53727149813722243081972711451-770330041-557419875-1393564054-1491627336"
1⤵
PID:1128

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1924875711837654572-1269025751-4727154348842558311426559091323579061487862036"
1⤵
PID:1836

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1303011258-1095081481-105833487-441150491-110398691715040322531446489245880775341"
1⤵
PID:1296

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "85234198713740543073668320314342327098515175681219301815-33962284678615746"
1⤵
PID:1192

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-921590294-874572409971891761-2052877868-853176251-407824298-1437405620-676686412"
1⤵
PID:1340

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1086801252-13861066061002101551820113446-422127545-1662267814-1711616358601584194"
1⤵
PID:608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-539315601073371679-12001116491316035284-19579120451204123264-1103424432-1987184442"
1⤵
PID:1932

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-64656255-1135320490-1433596010192166530811039723881852240249-3455884811648193430"
1⤵
PID:1768

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-15237139131089904506253593518-1678685960-1984597716219100257-2933518841111077284"
1⤵
PID:1564

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-21311992069189065521266822395-6994964712092597565-524111045-9752087155292101"
1⤵
PID:732

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8377304211690558314-2128062340-7331330702070876590-57861825197200321385807781"
1⤵
PID:1436

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "106397591-1392559923-1822672829-12132520895789306951950561103-1910514341795753987"
1⤵
PID:760

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1120997406-161019134182454974918948859922121524995-201520645815365538181065930244"
1⤵
PID:1060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1885025216-205405942800268381908766746664570685801735996-1716021611924921741"
1⤵
PID:904

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2545448221007487223583827962-958578718-518874466-988059216-19239701611628202095"
1⤵
PID:732

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1560664550-127513061219234130901049892823200810288214499573972229911221031651549"
1⤵
PID:1700

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-17043464701072229981982719135-1000952605-1574531207404121384-1680971415-260552898"
1⤵
PID:468

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-783976632-118787609-576353973-11805408651944971719325666183161456999128076572"
1⤵
PID:1060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2113982435-1891984587-850544113-373081928242307924-22609908-853140870-1758422988"
1⤵
PID:760

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "21216296711591283055208511552214769517681505058071-1184078915-5595415051280411732"
1⤵
PID:1060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-858548940212451145418650586531666570968-1264810381-1807325276-2121075004524822233"
1⤵
PID:1988

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-902277395-1523218467623280976-345620230-1169214619-479739574-17887583781805105162"
1⤵
PID:1700

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "95080105826545009-108070262833135409-1607341771-524632369744076641-1914283715"
1⤵
PID:1668

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "413442660-930678932-171527866200423740516788774671841404113-14856552781861728910"
1⤵
PID:1800

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "110104294858809946-115500685520710622315278659421427528541-1636533653862152851"
1⤵
PID:1804

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1842015204987175412656102661-1080633870-203622483314626367781487830108650667510"
1⤵
PID:600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "939882918-1793888394-1166217891475736935-1634577372-12414722191519099914-1083252596"
1⤵
PID:608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7546544012635691491224037638240260341-1404655723-102430024918147173551147933493"
1⤵
PID:1592

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2132714740-2124221533496741038-2044456039-851760325438440432093334617812299477"
1⤵
PID:1600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1451266646-147151537-74812310120993325561659816351292510821-1002870821880190632"
1⤵
PID:1604

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "295391278-1864697700-262730172357508660-1679975341-6119500781874458655-1138486894"
1⤵
PID:732

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "564147743-536021589528613912-784676727-1528503660512137149-2049613042-515490135"
1⤵
PID:1932

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1018720934247551674-482697955-1755202215-20622526941748753437440477984-565359864"
1⤵
PID:1956

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "383479757-38361523617530236501966528357-2137976322-1368137613-1854627313-1676675610"
1⤵
PID:608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1176489507992493147-2084534497751724074-1306152154-181249211-96529797608434214"
1⤵
PID:1596

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1936781806770625861-1535684515-160250531-13949380195659670911299040595-506287782"
1⤵
PID:1436

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-49771075-832044863957518376208098748-764082838-1113485865-5891314911426062870"
1⤵
PID:1808

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "133117902860196998-266720338197007248766600118816228225921419734161-1430365263"
1⤵
PID:920

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1797789220-658641805-3717813291298492331-1422813062807718563-1310703753-1450478856"
1⤵
PID:1120

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18433550681780259615-5893265202042499225-1123914659-1505020384-324491279-1594389067"
1⤵
PID:556

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-143451957812007089907871947891479912500-1781292219-423105818-14686803541345800288"
1⤵
PID:1956

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-33145770530455280-529947728-80742659-30310382876506197243306022-268720595"
1⤵
PID:1296

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\appdata\Roaming\WinNTService.vbs

Filesize
14KB

MD5
4cbb9dd1d4f2b89c8d2490496edf41af

SHA1
4adbb0912d681bc9661b3b8f6d199ddd822dda8a

SHA256
1da21d7904afc28d125ce63f5eeb5f19b4c59966658eb641d3e765a25c8f929c

SHA512
1b18cca180c90737a57fa7b2766e64a7beb23b8fbc4df372cd9ccf5a5c79c0a3c0a2031f2c2844fa82430f7b967fdcc81311e3e87bcd70b7035c685435bb024e

Download Submit
C:\Users\Admin\appdata\Roaming\WinNTService.vbs

Filesize
14KB

MD5
4cbb9dd1d4f2b89c8d2490496edf41af

SHA1
4adbb0912d681bc9661b3b8f6d199ddd822dda8a

SHA256
1da21d7904afc28d125ce63f5eeb5f19b4c59966658eb641d3e765a25c8f929c

SHA512
1b18cca180c90737a57fa7b2766e64a7beb23b8fbc4df372cd9ccf5a5c79c0a3c0a2031f2c2844fa82430f7b967fdcc81311e3e87bcd70b7035c685435bb024e

Download Submit
C:\Users\Admin\appdata\Roaming\WinNTService.vbs

Filesize
14KB

MD5
4cbb9dd1d4f2b89c8d2490496edf41af

SHA1
4adbb0912d681bc9661b3b8f6d199ddd822dda8a

SHA256
1da21d7904afc28d125ce63f5eeb5f19b4c59966658eb641d3e765a25c8f929c

SHA512
1b18cca180c90737a57fa7b2766e64a7beb23b8fbc4df372cd9ccf5a5c79c0a3c0a2031f2c2844fa82430f7b967fdcc81311e3e87bcd70b7035c685435bb024e

Download Submit
C:\Users\Admin\appdata\Roaming\WinNTService.vbs

Filesize
14KB

MD5
4cbb9dd1d4f2b89c8d2490496edf41af

SHA1
4adbb0912d681bc9661b3b8f6d199ddd822dda8a

SHA256
1da21d7904afc28d125ce63f5eeb5f19b4c59966658eb641d3e765a25c8f929c

SHA512
1b18cca180c90737a57fa7b2766e64a7beb23b8fbc4df372cd9ccf5a5c79c0a3c0a2031f2c2844fa82430f7b967fdcc81311e3e87bcd70b7035c685435bb024e

Download Submit
memory/452-93-0x0000000000000000-mapping.dmp

Download
memory/452-74-0x0000000000000000-mapping.dmp

Download
memory/468-86-0x0000000000000000-mapping.dmp

Download
memory/468-94-0x0000000000000000-mapping.dmp

Download
memory/556-81-0x0000000000000000-mapping.dmp

Download
memory/556-103-0x0000000000000000-mapping.dmp

Download
memory/556-120-0x0000000000000000-mapping.dmp

Download
memory/600-87-0x0000000000000000-mapping.dmp

Download
memory/600-100-0x0000000000000000-mapping.dmp

Download
memory/600-76-0x0000000000000000-mapping.dmp

Download
memory/608-119-0x0000000000000000-mapping.dmp

Download
memory/608-113-0x0000000000000000-mapping.dmp

Download
memory/700-64-0x0000000000000000-mapping.dmp

Download
memory/732-128-0x0000000000000000-mapping.dmp

Download
memory/760-114-0x0000000000000000-mapping.dmp

Download
memory/760-101-0x0000000000000000-mapping.dmp

Download
memory/904-129-0x0000000000000000-mapping.dmp

Download
memory/904-80-0x0000000000000000-mapping.dmp

Download
memory/940-115-0x0000000000000000-mapping.dmp

Download
memory/992-121-0x0000000000000000-mapping.dmp

Download
memory/1048-67-0x0000000000000000-mapping.dmp

Download
memory/1060-110-0x0000000000000000-mapping.dmp

Download
memory/1108-130-0x0000000000000000-mapping.dmp

Download
memory/1108-79-0x0000000000000000-mapping.dmp

Download
memory/1116-96-0x0000000000000000-mapping.dmp

Download
memory/1116-118-0x0000000000000000-mapping.dmp

Download
memory/1120-112-0x0000000000000000-mapping.dmp

Download
memory/1124-56-0x0000000000000000-mapping.dmp

Download
memory/1128-84-0x0000000000000000-mapping.dmp

Download
memory/1164-58-0x0000000000000000-mapping.dmp

Download
memory/1192-106-0x0000000000000000-mapping.dmp

Download
memory/1196-57-0x0000000000000000-mapping.dmp

Download
memory/1252-124-0x0000000000000000-mapping.dmp

Download
memory/1296-77-0x0000000000000000-mapping.dmp

Download
memory/1340-131-0x0000000000000000-mapping.dmp

Download
memory/1340-108-0x0000000000000000-mapping.dmp

Download
memory/1472-54-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download
memory/1472-55-0x0000000000400000-0x00000000004AB000-memory.dmp

Filesize
684KB

Download
memory/1472-59-0x0000000003310000-0x0000000003320000-memory.dmp

Filesize
64KB

Download
memory/1472-73-0x0000000000400000-0x00000000004AB000-memory.dmp

Filesize
684KB

Download
memory/1520-98-0x0000000000000000-mapping.dmp

Download
memory/1520-82-0x0000000000000000-mapping.dmp

Download
memory/1520-90-0x0000000000000000-mapping.dmp

Download
memory/1568-117-0x0000000000000000-mapping.dmp

Download
memory/1592-109-0x0000000000000000-mapping.dmp

Download
memory/1600-116-0x0000000000000000-mapping.dmp

Download
memory/1600-123-0x0000000000000000-mapping.dmp

Download
memory/1600-89-0x0000000000000000-mapping.dmp

Download
memory/1632-78-0x0000000000000000-mapping.dmp

Download
memory/1668-75-0x0000000000000000-mapping.dmp

Download
memory/1668-105-0x0000000000000000-mapping.dmp

Download
memory/1764-92-0x0000000000000000-mapping.dmp

Download
memory/1764-102-0x0000000000000000-mapping.dmp

Download
memory/1768-95-0x0000000000000000-mapping.dmp

Download
memory/1768-111-0x0000000000000000-mapping.dmp

Download
memory/1768-125-0x0000000000000000-mapping.dmp

Download
memory/1800-107-0x0000000000000000-mapping.dmp

Download
memory/1932-104-0x0000000000000000-mapping.dmp

Download
memory/1956-126-0x0000000000000000-mapping.dmp

Download
memory/1956-88-0x0000000000000000-mapping.dmp

Download
memory/1988-122-0x0000000000000000-mapping.dmp

Download
memory/1988-83-0x0000000000000000-mapping.dmp

Download
memory/1988-97-0x0000000000000000-mapping.dmp

Download
memory/2012-70-0x0000000000000000-mapping.dmp

Download
memory/2016-91-0x0000000000000000-mapping.dmp

Download
memory/2016-85-0x0000000000000000-mapping.dmp

Download
memory/2016-99-0x0000000000000000-mapping.dmp

Download
memory/2044-127-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads