9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

Analysis

max time kernel
295s
max time network
315s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe
Size

52KB
MD5

d6bf563c9166646e1aafff6bc67a9110
SHA1

c229e525579c2354f20f2ed4437043813d6f69e4
SHA256

9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49
SHA512

9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32
SSDEEP

768:yixLu5hwyAuZ6w6xTxn3HIbPYXi7FLGA8KCppW8lFZsTwQM4P:yiRshIuZMxlIbgXi7FqzT3lFWU

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4860	9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe
4648	svchoct.exe
2316	svchoct.exe
2192	svchoct.exe
3864	svchoct.exe
3040	svchoct.exe
1524	svchoct.exe
2212	svchoct.exe
1712	svchoct.exe
5056	svchoct.exe
3480	svchoct.exe
1616	svchoct.exe
2264	svchoct.exe
4660	svchoct.exe
2704	svchoct.exe
3836	svchoct.exe
1920	svchoct.exe
4656	svchoct.exe
4352	svchoct.exe
1768	svchoct.exe
2184	svchoct.exe
2836	svchoct.exe
1680	svchoct.exe
2256	svchoct.exe
2424	svchoct.exe
4576	svchoct.exe
5016	svchoct.exe
1332	svchoct.exe
3032	svchoct.exe
4852	svchoct.exe
3548	svchoct.exe
2948	svchoct.exe
4072	svchoct.exe
2444	svchoct.exe
2244	svchoct.exe
260	svchoct.exe
2152	svchoct.exe
4112	svchoct.exe
3964	svchoct.exe
2688	svchoct.exe
1080	svchoct.exe
3004	svchoct.exe
1168	svchoct.exe
4780	svchoct.exe
3212	svchoct.exe
4220	svchoct.exe
224	svchoct.exe
212	svchoct.exe
3892	svchoct.exe
1236	svchoct.exe
4796	svchoct.exe
3912	svchoct.exe
1212	svchoct.exe
3276	svchoct.exe
3752	svchoct.exe
4988	svchoct.exe
776	svchoct.exe
4032	svchoct.exe
3956	svchoct.exe
4836	svchoct.exe
4224	svchoct.exe
2656	svchoct.exe
3136	svchoct.exe
2648	svchoct.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4860-135-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4860-136-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4860-137-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4860-138-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2316-154-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3864-163-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/1524-172-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/1712-189-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3480-190-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2264-199-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2704-216-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/1920-217-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4352-222-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2184-231-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/1680-240-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2424-249-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/5016-258-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3032-267-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3548-276-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4072-285-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2244-294-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2152-303-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3964-312-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/1080-321-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/1168-330-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3212-339-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/224-348-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3892-357-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4796-367-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/1212-375-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3752-384-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/776-393-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3956-402-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4224-411-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3136-419-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/1888-424-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4692-429-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3540-434-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3080-439-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2268-444-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/1248-449-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2208-454-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2192-459-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4996-464-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2496-469-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3500-474-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3920-479-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/1636-484-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4580-489-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2000-494-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/5080-499-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/448-504-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2948-509-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4432-514-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3424-519-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4752-524-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4760-529-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2332-534-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4144-539-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2304-544-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2404-549-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3720-554-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/212-559-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3856-564-0x0000000000400000-0x000000000044B000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File created	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe
File opened for modification	C:\Windows\SysWOW64\svchoct.exe	svchoct.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 3688 set thread context of 4860	3688	9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe	81
PID 4648 set thread context of 2316	4648	svchoct.exe	83
PID 2192 set thread context of 3864	2192	svchoct.exe	86
PID 3040 set thread context of 1524	3040	svchoct.exe	88
PID 2212 set thread context of 1712	2212	svchoct.exe	91
PID 5056 set thread context of 3480	5056	svchoct.exe	93
PID 1616 set thread context of 2264	1616	svchoct.exe	95
PID 4660 set thread context of 2704	4660	svchoct.exe	97
PID 3836 set thread context of 1920	3836	svchoct.exe	101
PID 4656 set thread context of 4352	4656	svchoct.exe	100
PID 1768 set thread context of 2184	1768	svchoct.exe	103
PID 2836 set thread context of 1680	2836	svchoct.exe	105
PID 2256 set thread context of 2424	2256	svchoct.exe	107
PID 4576 set thread context of 5016	4576	svchoct.exe	109
PID 1332 set thread context of 3032	1332	svchoct.exe	111
PID 4852 set thread context of 3548	4852	svchoct.exe	113
PID 2948 set thread context of 4072	2948	svchoct.exe	115
PID 2444 set thread context of 2244	2444	svchoct.exe	117
PID 260 set thread context of 2152	260	svchoct.exe	119
PID 4112 set thread context of 3964	4112	svchoct.exe	121
PID 2688 set thread context of 1080	2688	svchoct.exe	123
PID 3004 set thread context of 1168	3004	svchoct.exe	125
PID 4780 set thread context of 3212	4780	svchoct.exe	127
PID 4220 set thread context of 224	4220	svchoct.exe	129
PID 212 set thread context of 3892	212	svchoct.exe	131
PID 1236 set thread context of 4796	1236	svchoct.exe	133
PID 3912 set thread context of 1212	3912	svchoct.exe	135
PID 3276 set thread context of 3752	3276	svchoct.exe	137
PID 4988 set thread context of 776	4988	svchoct.exe	139
PID 4032 set thread context of 3956	4032	svchoct.exe	141
PID 4836 set thread context of 4224	4836	svchoct.exe	143
PID 2656 set thread context of 3136	2656	svchoct.exe	145
PID 2648 set thread context of 1888	2648	svchoct.exe	147
PID 4536 set thread context of 4692	4536	svchoct.exe	149
PID 4596 set thread context of 3540	4596	svchoct.exe	151
PID 3900 set thread context of 3080	3900	svchoct.exe	153
PID 516 set thread context of 2268	516	svchoct.exe	155
PID 2772 set thread context of 1248	2772	svchoct.exe	157
PID 1508 set thread context of 2208	1508	svchoct.exe	159
PID 2400 set thread context of 2192	2400	svchoct.exe	161
PID 2220 set thread context of 4996	2220	svchoct.exe	163
PID 3840 set thread context of 2496	3840	svchoct.exe	165
PID 1768 set thread context of 3500	1768	svchoct.exe	167
PID 1540 set thread context of 3920	1540	svchoct.exe	169
PID 1076 set thread context of 1636	1076	svchoct.exe	171
PID 1140 set thread context of 4580	1140	svchoct.exe	173
PID 3336 set thread context of 2000	3336	svchoct.exe	175
PID 3608 set thread context of 5080	3608	svchoct.exe	177
PID 2412 set thread context of 448	2412	svchoct.exe	179
PID 1220 set thread context of 2948	1220	svchoct.exe	181
PID 3696 set thread context of 4432	3696	svchoct.exe	183
PID 4448 set thread context of 3424	4448	svchoct.exe	185
PID 1376 set thread context of 4752	1376	svchoct.exe	187
PID 4112 set thread context of 4760	4112	svchoct.exe	189
PID 432 set thread context of 2332	432	svchoct.exe	191
PID 4756 set thread context of 4144	4756	svchoct.exe	193
PID 3048 set thread context of 2304	3048	svchoct.exe	195
PID 3428 set thread context of 2404	3428	svchoct.exe	197
PID 320 set thread context of 3720	320	svchoct.exe	199
PID 4560 set thread context of 212	4560	svchoct.exe	201
PID 3824 set thread context of 3856	3824	svchoct.exe	203
PID 1484 set thread context of 3272	1484	svchoct.exe	205
PID 2548 set thread context of 1088	2548	svchoct.exe	207
PID 3276 set thread context of 4916	3276	svchoct.exe	209

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 4860	3688	9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe	81
PID 3688 wrote to memory of 4860	3688	9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe	81
PID 3688 wrote to memory of 4860	3688	9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe	81
PID 3688 wrote to memory of 4860	3688	9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe	81
PID 3688 wrote to memory of 4860	3688	9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe	81
PID 4860 wrote to memory of 4648	4860	9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe	82
PID 4860 wrote to memory of 4648	4860	9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe	82
PID 4860 wrote to memory of 4648	4860	9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe	82
PID 4648 wrote to memory of 2316	4648	svchoct.exe	83
PID 4648 wrote to memory of 2316	4648	svchoct.exe	83
PID 4648 wrote to memory of 2316	4648	svchoct.exe	83
PID 4648 wrote to memory of 2316	4648	svchoct.exe	83
PID 4648 wrote to memory of 2316	4648	svchoct.exe	83
PID 2316 wrote to memory of 2192	2316	svchoct.exe	85
PID 2316 wrote to memory of 2192	2316	svchoct.exe	85
PID 2316 wrote to memory of 2192	2316	svchoct.exe	85
PID 2192 wrote to memory of 3864	2192	svchoct.exe	86
PID 2192 wrote to memory of 3864	2192	svchoct.exe	86
PID 2192 wrote to memory of 3864	2192	svchoct.exe	86
PID 2192 wrote to memory of 3864	2192	svchoct.exe	86
PID 2192 wrote to memory of 3864	2192	svchoct.exe	86
PID 3864 wrote to memory of 3040	3864	svchoct.exe	87
PID 3864 wrote to memory of 3040	3864	svchoct.exe	87
PID 3864 wrote to memory of 3040	3864	svchoct.exe	87
PID 3040 wrote to memory of 1524	3040	svchoct.exe	88
PID 3040 wrote to memory of 1524	3040	svchoct.exe	88
PID 3040 wrote to memory of 1524	3040	svchoct.exe	88
PID 3040 wrote to memory of 1524	3040	svchoct.exe	88
PID 3040 wrote to memory of 1524	3040	svchoct.exe	88
PID 1524 wrote to memory of 2212	1524	svchoct.exe	90
PID 1524 wrote to memory of 2212	1524	svchoct.exe	90
PID 1524 wrote to memory of 2212	1524	svchoct.exe	90
PID 2212 wrote to memory of 1712	2212	svchoct.exe	91
PID 2212 wrote to memory of 1712	2212	svchoct.exe	91
PID 2212 wrote to memory of 1712	2212	svchoct.exe	91
PID 2212 wrote to memory of 1712	2212	svchoct.exe	91
PID 2212 wrote to memory of 1712	2212	svchoct.exe	91
PID 1712 wrote to memory of 5056	1712	svchoct.exe	92
PID 1712 wrote to memory of 5056	1712	svchoct.exe	92
PID 1712 wrote to memory of 5056	1712	svchoct.exe	92
PID 5056 wrote to memory of 3480	5056	svchoct.exe	93
PID 5056 wrote to memory of 3480	5056	svchoct.exe	93
PID 5056 wrote to memory of 3480	5056	svchoct.exe	93
PID 5056 wrote to memory of 3480	5056	svchoct.exe	93
PID 5056 wrote to memory of 3480	5056	svchoct.exe	93
PID 3480 wrote to memory of 1616	3480	svchoct.exe	94
PID 3480 wrote to memory of 1616	3480	svchoct.exe	94
PID 3480 wrote to memory of 1616	3480	svchoct.exe	94
PID 1616 wrote to memory of 2264	1616	svchoct.exe	95
PID 1616 wrote to memory of 2264	1616	svchoct.exe	95
PID 1616 wrote to memory of 2264	1616	svchoct.exe	95
PID 1616 wrote to memory of 2264	1616	svchoct.exe	95
PID 1616 wrote to memory of 2264	1616	svchoct.exe	95
PID 2264 wrote to memory of 4660	2264	svchoct.exe	96
PID 2264 wrote to memory of 4660	2264	svchoct.exe	96
PID 2264 wrote to memory of 4660	2264	svchoct.exe	96
PID 4660 wrote to memory of 2704	4660	svchoct.exe	97
PID 4660 wrote to memory of 2704	4660	svchoct.exe	97
PID 4660 wrote to memory of 2704	4660	svchoct.exe	97
PID 4660 wrote to memory of 2704	4660	svchoct.exe	97
PID 4660 wrote to memory of 2704	4660	svchoct.exe	97
PID 2704 wrote to memory of 3836	2704	svchoct.exe	98
PID 2704 wrote to memory of 3836	2704	svchoct.exe	98
PID 2704 wrote to memory of 3836	2704	svchoct.exe	98

C:\Users\Admin\AppData\Local\Temp\9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe
"C:\Users\Admin\AppData\Local\Temp\9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Users\Admin\AppData\Local\Temp\9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe
  C:\Users\Admin\AppData\Local\Temp\9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4860
- - C:\Windows\SysWOW64\svchoct.exe
    "C:\Windows\system32\svchoct.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:4648
  - - C:\Windows\SysWOW64\svchoct.exe
      C:\Windows\SysWOW64\svchoct.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2316
    - - C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2192
      - C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3864
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:3040
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1524
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2212
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1712
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:5056
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3480
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:1616
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2264
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4660
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        16⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2704
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3836
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        18⤵
        Executes dropped EXE
        
        PID:1920

C:\Windows\SysWOW64\svchoct.exe
"C:\Windows\system32\svchoct.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4656
- C:\Windows\SysWOW64\svchoct.exe
  C:\Windows\SysWOW64\svchoct.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- - C:\Windows\SysWOW64\svchoct.exe
    "C:\Windows\system32\svchoct.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:1768
  - - C:\Windows\SysWOW64\svchoct.exe
      C:\Windows\SysWOW64\svchoct.exe
      4⤵
      Executes dropped EXE
      PID:2184
    - - C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2836
      - C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        6⤵
        Executes dropped EXE
        
        PID:1680
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2256
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        8⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4576
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        10⤵
        Executes dropped EXE
        
        PID:5016
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        
        PID:1332
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3032
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4852
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        14⤵
        Executes dropped EXE
        
        PID:3548
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2948
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        16⤵
        Executes dropped EXE
        
        PID:4072
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2444
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        18⤵
        Executes dropped EXE
        
        PID:2244
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:260
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        20⤵
        Executes dropped EXE
        
        PID:2152
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4112
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        22⤵
        Executes dropped EXE
        
        PID:3964
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2688
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        24⤵
        Executes dropped EXE
        
        PID:1080
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3004
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        26⤵
        Executes dropped EXE
        
        PID:1168
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4780
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        28⤵
        Executes dropped EXE
        
        PID:3212
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4220
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        30⤵
        Executes dropped EXE
        
        PID:224
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:212
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3892
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        33⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1236
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        34⤵
        Executes dropped EXE
        
        PID:4796
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        35⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3912
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        36⤵
        Executes dropped EXE
        
        PID:1212
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        37⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3276
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        38⤵
        Executes dropped EXE
        
        PID:3752
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        39⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4988
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        40⤵
        Executes dropped EXE
        
        PID:776
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        41⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4032
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        42⤵
        Executes dropped EXE
        
        PID:3956
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        43⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4836
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        44⤵
        Executes dropped EXE
        
        PID:4224
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        45⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2656
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        46⤵
        Executes dropped EXE
        
        PID:3136
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        47⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2648
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        48⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        49⤵
        Suspicious use of SetThreadContext
        
        PID:4536
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        50⤵
        Drops file in System32 directory
        
        PID:4692
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        51⤵
        Suspicious use of SetThreadContext
        
        PID:4596
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        52⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        53⤵
        Suspicious use of SetThreadContext
        
        PID:3900
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        54⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        55⤵
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        
        PID:516
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        56⤵
        Drops file in System32 directory
        
        PID:2268
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        57⤵
        Suspicious use of SetThreadContext
        
        PID:2772
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        58⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        59⤵
        Suspicious use of SetThreadContext
        
        PID:1508
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        60⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        61⤵
        Suspicious use of SetThreadContext
        
        PID:2400
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        62⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        63⤵
        Suspicious use of SetThreadContext
        
        PID:2220
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        64⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        65⤵
        Suspicious use of SetThreadContext
        
        PID:3840
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        66⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        67⤵
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        
        PID:1768
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        68⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        69⤵
        Suspicious use of SetThreadContext
        
        PID:1540
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        70⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        71⤵
        Suspicious use of SetThreadContext
        
        PID:1076
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        72⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        73⤵
        Suspicious use of SetThreadContext
        
        PID:1140
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        74⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        75⤵
        Suspicious use of SetThreadContext
        
        PID:3336
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        76⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        77⤵
        Suspicious use of SetThreadContext
        
        PID:3608
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        78⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        79⤵
        Suspicious use of SetThreadContext
        
        PID:2412
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        80⤵
        
        PID:448
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        81⤵
        Suspicious use of SetThreadContext
        
        PID:1220
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        82⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        83⤵
        Suspicious use of SetThreadContext
        
        PID:3696
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        84⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        85⤵
        Suspicious use of SetThreadContext
        
        PID:4448
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        86⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        87⤵
        Suspicious use of SetThreadContext
        
        PID:1376
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        88⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        89⤵
        Suspicious use of SetThreadContext
        
        PID:4112
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        90⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        91⤵
        Suspicious use of SetThreadContext
        
        PID:432
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        92⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        93⤵
        Suspicious use of SetThreadContext
        
        PID:4756
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        94⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        95⤵
        Suspicious use of SetThreadContext
        
        PID:3048
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        96⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        97⤵
        Suspicious use of SetThreadContext
        
        PID:3428
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        98⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        99⤵
        Suspicious use of SetThreadContext
        
        PID:320
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        100⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        101⤵
        Suspicious use of SetThreadContext
        
        PID:4560
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        102⤵
        
        PID:212
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        103⤵
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        
        PID:3824
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        104⤵
        Drops file in System32 directory
        
        PID:3856
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        105⤵
        Suspicious use of SetThreadContext
        
        PID:1484
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        106⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        107⤵
        Suspicious use of SetThreadContext
        
        PID:2548
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        108⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        109⤵
        Suspicious use of SetThreadContext
        
        PID:3276
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        110⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        111⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        112⤵
        
        PID:396
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        113⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        114⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        115⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        116⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        117⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        118⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        119⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        120⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        121⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        122⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        123⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        124⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        125⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        126⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        127⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        128⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        129⤵
        Drops file in System32 directory
        
        PID:4332
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        130⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        131⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        132⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        133⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        134⤵
        Drops file in System32 directory
        
        PID:2416
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        135⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        136⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        137⤵
        
        PID:760
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        138⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        139⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        140⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        141⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        142⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        143⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        144⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        145⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        146⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        147⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        148⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        149⤵
        
        PID:664
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        150⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        151⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        152⤵
        
        PID:380
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        153⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        154⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        155⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        156⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        157⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        158⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        159⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        160⤵
        Drops file in System32 directory
        
        PID:4112
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        161⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        162⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        163⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        164⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        165⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        166⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        167⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        168⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        169⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        170⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        171⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        172⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        173⤵
        
        PID:4892

C:\Windows\SysWOW64\svchoct.exe
C:\Windows\SysWOW64\svchoct.exe
1⤵
PID:4856
- C:\Windows\SysWOW64\svchoct.exe
  "C:\Windows\system32\svchoct.exe"
  2⤵
  PID:4652
- - C:\Windows\SysWOW64\svchoct.exe
    C:\Windows\SysWOW64\svchoct.exe
    3⤵
    PID:3912
  - - C:\Windows\SysWOW64\svchoct.exe
      "C:\Windows\system32\svchoct.exe"
      4⤵
      PID:4676
    - - C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        5⤵
        
        PID:4972
      - C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        6⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        7⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        8⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        9⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        10⤵
        
        PID:852
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        11⤵
        Drops file in System32 directory
        
        PID:1068
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        12⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        13⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        14⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        15⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        16⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        17⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        18⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        19⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        20⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        21⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        22⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        23⤵
        
        PID:456
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        24⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        25⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        26⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        27⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        28⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        29⤵
        Drops file in System32 directory
        
        PID:1616
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        30⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        31⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        32⤵
        
        PID:512
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        33⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        34⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        35⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        36⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        37⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        38⤵
        Drops file in System32 directory
        
        PID:4680
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        39⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        40⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        41⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        42⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        43⤵
        Drops file in System32 directory
        
        PID:4420
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        44⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        45⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        46⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        47⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        48⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        49⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        50⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        51⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        52⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        53⤵
        
        PID:208
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        54⤵
        
        PID:944
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        55⤵
        
        PID:428
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        56⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        57⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        58⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        59⤵
        Drops file in System32 directory
        
        PID:3980
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        60⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        61⤵
        
        PID:224
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        62⤵
        
        PID:780
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        63⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        64⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        65⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        66⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        67⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        68⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        69⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        70⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        71⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        72⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        73⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        74⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        75⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        76⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        77⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        78⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        79⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        80⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        81⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        82⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        83⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        84⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        85⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        86⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        87⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        88⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        89⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        90⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        91⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        92⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        93⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        94⤵
        
        PID:4960

C:\Windows\SysWOW64\svchoct.exe
C:\Windows\SysWOW64\svchoct.exe
1⤵
PID:4388
- C:\Windows\SysWOW64\svchoct.exe
  "C:\Windows\system32\svchoct.exe"
  2⤵
  - Drops file in System32 directory
  PID:2836
- - C:\Windows\SysWOW64\svchoct.exe
    C:\Windows\SysWOW64\svchoct.exe
    3⤵
    PID:2700
  - - C:\Windows\SysWOW64\svchoct.exe
      "C:\Windows\system32\svchoct.exe"
      4⤵
      PID:2256
    - - C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        5⤵
        Drops file in System32 directory
        
        PID:2180
      - C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        6⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        7⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        8⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        9⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        10⤵
        
        PID:444
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        11⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        12⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        13⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        14⤵
        
        PID:1064

C:\Windows\SysWOW64\svchoct.exe
C:\Windows\SysWOW64\svchoct.exe
1⤵
PID:1392
- C:\Windows\SysWOW64\svchoct.exe
  "C:\Windows\system32\svchoct.exe"
  2⤵
  PID:3664
- - C:\Windows\SysWOW64\svchoct.exe
    C:\Windows\SysWOW64\svchoct.exe
    3⤵
    PID:1644
  - - C:\Windows\SysWOW64\svchoct.exe
      "C:\Windows\system32\svchoct.exe"
      4⤵
      PID:4540
    - - C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        5⤵
        
        PID:3656
      - C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        6⤵
        Drops file in System32 directory
        
        PID:4764
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        7⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        8⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        9⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        10⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        11⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        12⤵
        
        PID:320
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        13⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        14⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        15⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        16⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        17⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        18⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        19⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        20⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        21⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        22⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        23⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        24⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        25⤵
        
        PID:852
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        26⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        27⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        28⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        29⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        30⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        31⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        32⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        33⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        34⤵
        
        PID:672
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        35⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        36⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        37⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        38⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        39⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        40⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        41⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        42⤵
        Drops file in System32 directory
        
        PID:2936
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        43⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        44⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        45⤵
        Drops file in System32 directory
        
        PID:4200
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        46⤵
        
        PID:1312

C:\Windows\SysWOW64\svchoct.exe
C:\Windows\SysWOW64\svchoct.exe
1⤵
PID:4700
- C:\Windows\SysWOW64\svchoct.exe
  "C:\Windows\system32\svchoct.exe"
  2⤵
  - Drops file in System32 directory
  PID:2256
- - C:\Windows\SysWOW64\svchoct.exe
    C:\Windows\SysWOW64\svchoct.exe
    3⤵
    PID:4768
  - - C:\Windows\SysWOW64\svchoct.exe
      "C:\Windows\system32\svchoct.exe"
      4⤵
      Drops file in System32 directory
      PID:4708
    - - C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        5⤵
        
        PID:1124
      - C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        6⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        7⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        8⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        9⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        10⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        11⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        12⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        13⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        14⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        15⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        16⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        17⤵
        
        PID:980
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        18⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        19⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        20⤵
        
        PID:32
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        21⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        22⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        23⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        24⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        25⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        26⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        27⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        28⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        29⤵
        Drops file in System32 directory
        
        PID:2492
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        30⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        31⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        32⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        33⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        34⤵
        
        PID:700

C:\Windows\SysWOW64\svchoct.exe
C:\Windows\SysWOW64\svchoct.exe
1⤵
PID:3452
- C:\Windows\SysWOW64\svchoct.exe
  "C:\Windows\system32\svchoct.exe"
  2⤵
  - Drops file in System32 directory
  PID:1880
- - C:\Windows\SysWOW64\svchoct.exe
    C:\Windows\SysWOW64\svchoct.exe
    3⤵
    PID:2652
  - - C:\Windows\SysWOW64\svchoct.exe
      "C:\Windows\system32\svchoct.exe"
      4⤵
      PID:4424
    - - C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        5⤵
        
        PID:4688
      - C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        6⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        7⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        8⤵
        
        PID:672
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        9⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        10⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        11⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        12⤵
        Drops file in System32 directory
        
        PID:1860
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        13⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        14⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        15⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        16⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        17⤵
        
        PID:760
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        18⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        19⤵
        Drops file in System32 directory
        
        PID:3804
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        20⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        21⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        22⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        23⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        24⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        25⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        26⤵
        
        PID:444
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        27⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        28⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        29⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        30⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        31⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        32⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        33⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        34⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        35⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        36⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        37⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        38⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        39⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        40⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        41⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        42⤵
        Drops file in System32 directory
        
        PID:1988
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        43⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        44⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        45⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        46⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        47⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        48⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        49⤵
        Drops file in System32 directory
        
        PID:4904
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        50⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        51⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        52⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        53⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        54⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        55⤵
        
        PID:772
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        56⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        57⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        58⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        59⤵
        Drops file in System32 directory
        
        PID:3516
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        60⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        61⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        62⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        63⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        64⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        65⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        66⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        67⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        68⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        69⤵
        Drops file in System32 directory
        
        PID:4036
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        70⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        71⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        72⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        73⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        74⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        75⤵
        
        PID:664
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        76⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        77⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        78⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        79⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        80⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        81⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        82⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        83⤵
        
        PID:944
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        84⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        85⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        86⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        87⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        88⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        89⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        90⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        91⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        92⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        93⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        94⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        95⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        96⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        97⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        98⤵
        
        PID:700
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        99⤵
        Drops file in System32 directory
        
        PID:8
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        100⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        101⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        102⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        103⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        104⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        105⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        106⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        107⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        108⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        109⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        110⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        111⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        112⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        113⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        114⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        115⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        116⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        117⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        118⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        119⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        120⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        121⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        122⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        123⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        124⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        125⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        126⤵
        
        PID:180
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        127⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        128⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        129⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        130⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        131⤵
        Drops file in System32 directory
        
        PID:2272
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        132⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        133⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        134⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        135⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        136⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        137⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        138⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        139⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        140⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        141⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        142⤵
        
        PID:700
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        143⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        144⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        145⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        146⤵
        Drops file in System32 directory
        
        PID:2720
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        147⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        148⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        149⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        150⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        151⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        152⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        153⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        154⤵
        Drops file in System32 directory
        
        PID:4408
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        155⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        156⤵
        Drops file in System32 directory
        
        PID:3268
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        157⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        158⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        159⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        160⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        161⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        162⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        163⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        164⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        165⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        166⤵
        
        PID:432
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        167⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        168⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        169⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        170⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        171⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        172⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        173⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        174⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        175⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        176⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        177⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        178⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        179⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        180⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        181⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        182⤵
        Drops file in System32 directory
        
        PID:956
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        183⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        184⤵
        
        PID:536
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        185⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        186⤵
        
        PID:672
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        187⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        188⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        189⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        190⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        191⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        192⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        193⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        194⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        195⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        196⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        109⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        110⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        111⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        112⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        113⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        114⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        115⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        116⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        117⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        118⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        119⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        120⤵
        Drops file in System32 directory
        
        PID:2548
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        121⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        122⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        123⤵
        Drops file in System32 directory
        
        PID:956
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        124⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        125⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        126⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        127⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        128⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        129⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        130⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        131⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        132⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        133⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        134⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        135⤵
        
        PID:780
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        136⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        137⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        138⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        139⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        140⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        141⤵
        
        PID:536
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        142⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        143⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        144⤵
        Drops file in System32 directory
        
        PID:1584
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        145⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        146⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        147⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        148⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        149⤵
        
        PID:364
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        150⤵
        Drops file in System32 directory
        
        PID:2076
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        151⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        152⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        153⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        154⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        155⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        156⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        157⤵
        
        PID:932
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        158⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        159⤵
        
        PID:832
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        160⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        161⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        162⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        129⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        130⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        131⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        132⤵
        Drops file in System32 directory
        
        PID:3696
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        133⤵
        
        PID:220
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        134⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        135⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        136⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        137⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        138⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        139⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        140⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        141⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        142⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        143⤵
        Drops file in System32 directory
        
        PID:1848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        144⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        145⤵
        
        PID:180
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        146⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        147⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        148⤵
        
        PID:756
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        149⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        150⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        151⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        152⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        153⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        154⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        155⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        156⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        157⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        158⤵
        
        PID:744
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        159⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        160⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        161⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        162⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        163⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        164⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        165⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        166⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        167⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        168⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        169⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        170⤵
        Drops file in System32 directory
        
        PID:512
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        171⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        172⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        173⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        174⤵
        
        PID:32
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        175⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        176⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        177⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        178⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        179⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        180⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        181⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        182⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        183⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        184⤵
        
        PID:216
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        185⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        186⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        187⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        188⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        189⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        190⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        179⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        180⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        181⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        182⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        183⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        184⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        185⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        186⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        187⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        188⤵
        Drops file in System32 directory
        
        PID:4544
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        189⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        190⤵
        
        PID:516
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        191⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        192⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        193⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        194⤵
        
        PID:756
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        195⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        196⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        197⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        198⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        199⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        200⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        201⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        202⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        203⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        204⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        205⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        206⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        207⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        71⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        72⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        73⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        74⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        75⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        76⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        77⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        78⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        79⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        80⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        81⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        82⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        83⤵
        
        PID:320
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        84⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        85⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        86⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        87⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        88⤵
        Drops file in System32 directory
        
        PID:3092
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        89⤵
        Drops file in System32 directory
        
        PID:4156
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        90⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        91⤵
        Drops file in System32 directory
        
        PID:5108
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        92⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        93⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        94⤵
        
        PID:832
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        95⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        96⤵
        Drops file in System32 directory
        
        PID:4612
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        97⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        98⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        99⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        100⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        101⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        102⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        103⤵
        Drops file in System32 directory
        
        PID:1092
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        104⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        105⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        106⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        107⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        108⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        109⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        110⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        111⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        112⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        113⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        114⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        115⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        116⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        117⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        118⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        119⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        120⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        121⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        122⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        123⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        124⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        125⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        126⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        127⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        128⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        129⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        130⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        131⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        132⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        133⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        134⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        135⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        136⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        137⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        138⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        139⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        140⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        141⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        142⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        143⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        144⤵
        Drops file in System32 directory
        
        PID:4404
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        145⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        146⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        147⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        148⤵
        Drops file in System32 directory
        
        PID:4732
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        149⤵
        
        PID:432
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        150⤵
        
        PID:216
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        151⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        152⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        153⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        154⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        155⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        156⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        157⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        158⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        159⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        160⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        161⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        162⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        163⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        164⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        165⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        166⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        167⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        168⤵
        
        PID:512
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        169⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        170⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        171⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        172⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        173⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        174⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        175⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        176⤵
        
        PID:364
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        177⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        178⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        179⤵
        Drops file in System32 directory
        
        PID:4460
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        180⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        181⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        182⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        183⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        184⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        185⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        186⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        187⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        188⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        189⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        190⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        191⤵
        
        PID:700
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        192⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        193⤵
        
        PID:672
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        194⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        195⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        196⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        197⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        198⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        199⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        200⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        201⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        202⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        203⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        204⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        205⤵
        Drops file in System32 directory
        
        PID:4324
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        206⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        191⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        192⤵
        Drops file in System32 directory
        
        PID:1584
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        193⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        194⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        195⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        196⤵
        Drops file in System32 directory
        
        PID:512
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        197⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        198⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        199⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        200⤵
        Drops file in System32 directory
        
        PID:3756
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        201⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        202⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        203⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        204⤵
        
        PID:780
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        205⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        206⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        207⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        208⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        209⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        210⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        211⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        212⤵
        
        PID:536
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        213⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        214⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        215⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        216⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        217⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        218⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        219⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        220⤵
        
        PID:744
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        221⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        222⤵
        
        PID:444
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        223⤵
        Drops file in System32 directory
        
        PID:2336
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        224⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        225⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        226⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        227⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        228⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        229⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        230⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        231⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        232⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        233⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        234⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        235⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        236⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        237⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        238⤵
        
        PID:3232

C:\Windows\SysWOW64\svchoct.exe
C:\Windows\SysWOW64\svchoct.exe
1⤵
PID:5076
- C:\Windows\SysWOW64\svchoct.exe
  "C:\Windows\system32\svchoct.exe"
  2⤵
  PID:2288
- - C:\Windows\SysWOW64\svchoct.exe
    C:\Windows\SysWOW64\svchoct.exe
    3⤵
    PID:3172
  - - C:\Windows\SysWOW64\svchoct.exe
      "C:\Windows\system32\svchoct.exe"
      4⤵
      PID:1808
    - - C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        5⤵
        
        PID:4564
      - C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        6⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        7⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        8⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        9⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        10⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        11⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        12⤵
        Drops file in System32 directory
        
        PID:2720
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        13⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        14⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        15⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        16⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        17⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        18⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        19⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        20⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        21⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        22⤵
        Drops file in System32 directory
        
        PID:3652
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        23⤵
        
        PID:652
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        24⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        25⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        26⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        27⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        28⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        29⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        30⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        31⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        32⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        33⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        34⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\svchoct.exe
        
        C:\Windows\SysWOW64\svchoct.exe
        35⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\svchoct.exe
        
        "C:\Windows\system32\svchoct.exe"
        36⤵
        
        PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
C:\Windows\SysWOW64\svchoct.exe

Filesize
52KB

MD5
d6bf563c9166646e1aafff6bc67a9110

SHA1
c229e525579c2354f20f2ed4437043813d6f69e4

SHA256
9e45723659f1e27d160ec1bea2ab4195a081303a2881245b603973d20621ce49

SHA512
9d3953dd9e8417ebe4d04df13c15698a64926ad3b9c6a8bdf2a2caeaa6f659c1d8c5a6d5ffe9346d631c569df2a62e4625b5630b77927da825d6370f22cacf32

Download Submit
memory/212-559-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/224-348-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/448-504-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/776-393-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1080-321-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1088-574-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1168-330-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1212-375-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1248-449-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1524-172-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1636-484-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1680-240-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1712-189-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1888-424-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1920-217-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2000-494-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2152-303-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2184-231-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2192-459-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2208-454-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2244-294-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2264-199-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2268-444-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2304-544-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2316-154-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2332-534-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2404-549-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2424-249-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2496-469-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2704-216-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2948-509-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3032-267-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3080-439-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3136-419-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3212-339-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3272-569-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3424-519-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3480-190-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3500-474-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3540-434-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3548-276-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3720-554-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3752-384-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3856-564-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3864-163-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3892-357-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3920-479-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3956-402-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3964-312-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4072-285-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4144-539-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4224-411-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4352-222-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4432-514-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4580-489-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4692-429-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4752-524-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4760-529-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4796-367-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4860-135-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4860-138-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4860-136-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4860-137-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4860-133-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4916-579-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4996-464-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/5016-258-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/5080-499-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download