babylonrat | ee97a007bb9f08a1c9eea55b9be8c0ee6ae17371446caabf114f2c1e508a8664

Analysis

max time kernel
159s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2024 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4b14e479e91f770b131d2384cfd31cd_JaffaCakes118.exe
Size

1.2MB
MD5

d4b14e479e91f770b131d2384cfd31cd
SHA1

4a1411e48dc79e2e294fc954b27fe0054287e7fa
SHA256

ee97a007bb9f08a1c9eea55b9be8c0ee6ae17371446caabf114f2c1e508a8664
SHA512

c796d298da80f74c058179cce0361b6ddee8058e5ffee207065b6d15bf515f615737530e79c4e20acd004aeadf16325d1ffb59c210c32e2a6ee8ba88c6c0e455
SSDEEP

12288:+kYakDLEVZCZblRxwdy6AOHryftOR5r0B7Mtc0bGhGtL8H3:puLq6blRu/AOHlRCsc0KQt

Score

10^/10

babylonrat persistence trojan upx

Malware Config

Signatures

Babylon RAT
Babylon RAT is remote access trojan written in C++.
trojan babylonrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation	d4b14e479e91f770b131d2384cfd31cd_JaffaCakes118.exe

Executes dropped EXE 64 IoCs

pid	Process
3020	Fortnite Aimbot Tool.exe
4748	output.exe
2108	output.exe
4952	svchost.exe
2060	svchost.exe
2860	svchost.exe
628	svchost.exe
4180	svchost.exe
396	svchost.exe
1636	svchost.exe
3712	svchost.exe
5028	svchost.exe
4080	svchost.exe
4964	svchost.exe
4596	svchost.exe
3452	svchost.exe
2460	svchost.exe
1464	svchost.exe
2816	svchost.exe
4600	svchost.exe
4240	svchost.exe
2244	svchost.exe
964	svchost.exe
3804	svchost.exe
3848	svchost.exe
464	svchost.exe
5068	svchost.exe
332	svchost.exe
4436	svchost.exe
2864	svchost.exe
3348	svchost.exe
1528	svchost.exe
2568	svchost.exe
4744	svchost.exe
4920	svchost.exe
4044	svchost.exe
2920	svchost.exe
4320	svchost.exe
2344	svchost.exe
5116	svchost.exe
2740	svchost.exe
2196	svchost.exe
1792	svchost.exe
844	svchost.exe
3160	svchost.exe
4504	svchost.exe
2100	svchost.exe
3388	svchost.exe
628	svchost.exe
4624	svchost.exe
2900	svchost.exe
3420	svchost.exe
568	svchost.exe
4752	svchost.exe
2896	svchost.exe
3088	svchost.exe
3640	svchost.exe
3296	svchost.exe
3216	svchost.exe
748	svchost.exe
364	svchost.exe
4876	svchost.exe
1892	svchost.exe
332	svchost.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2108-27-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2108-31-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2108-32-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2108-38-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2060-44-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2060-46-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2060-48-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2060-47-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2060-50-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2060-49-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2060-52-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2060-53-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2060-54-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/628-62-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/396-69-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/3712-76-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4080-83-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4080-84-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4596-91-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2460-99-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2816-106-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4240-114-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2060-125-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/3848-127-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/464-131-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/332-138-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4044-158-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4920-154-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2920-164-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2344-171-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2740-178-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/3160-190-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4504-193-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4624-205-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2900-208-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/568-215-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2896-222-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/3640-229-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/364-240-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4876-242-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/332-248-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/332-249-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2288-254-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4868-259-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2908-264-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/3724-269-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/1664-276-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/5084-281-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/5084-282-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4764-287-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/1792-292-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/1696-297-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/2232-302-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/3424-307-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/4584-313-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/1480-320-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral2/memory/1480-322-0x0000000000400000-0x00000000004C9000-memory.dmp	upx

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Service = "C:\\ProgramData\\Users\\svchost.exe"	svchost.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 4748 set thread context of 2108	4748	output.exe	90
PID 4952 set thread context of 2060	4952	svchost.exe	92
PID 2860 set thread context of 628	2860	svchost.exe	94
PID 4180 set thread context of 396	4180	svchost.exe	96
PID 1636 set thread context of 3712	1636	svchost.exe	99
PID 5028 set thread context of 4080	5028	svchost.exe	102
PID 4964 set thread context of 4596	4964	svchost.exe	104
PID 3452 set thread context of 2460	3452	svchost.exe	107
PID 1464 set thread context of 2816	1464	svchost.exe	110
PID 4600 set thread context of 4240	4600	svchost.exe	112
PID 964 set thread context of 3848	964	svchost.exe	116
PID 3804 set thread context of 464	3804	svchost.exe	117
PID 5068 set thread context of 332	5068	svchost.exe	119
PID 1528 set thread context of 4920	1528	svchost.exe	127
PID 2568 set thread context of 4044	2568	svchost.exe	128
PID 4744 set thread context of 2920	4744	svchost.exe	129
PID 4320 set thread context of 2344	4320	svchost.exe	131
PID 5116 set thread context of 2740	5116	svchost.exe	133
PID 844 set thread context of 3160	844	svchost.exe	137
PID 1792 set thread context of 4504	1792	svchost.exe	139
PID 3388 set thread context of 4624	3388	svchost.exe	144
PID 628 set thread context of 2900	628	svchost.exe	145
PID 3420 set thread context of 568	3420	svchost.exe	148
PID 4752 set thread context of 2896	4752	svchost.exe	150
PID 3088 set thread context of 3640	3088	svchost.exe	152
PID 3216 set thread context of 364	3216	svchost.exe	156
PID 748 set thread context of 4876	748	svchost.exe	157
PID 1892 set thread context of 332	1892	svchost.exe	159
PID 1468 set thread context of 2288	1468	svchost.exe	161
PID 4944 set thread context of 4868	4944	svchost.exe	163
PID 2056 set thread context of 2908	2056	svchost.exe	165
PID 4360 set thread context of 3724	4360	svchost.exe	167
PID 1376 set thread context of 1664	1376	svchost.exe	169
PID 764 set thread context of 5084	764	svchost.exe	171
PID 2852 set thread context of 4764	2852	svchost.exe	173
PID 2744 set thread context of 1792	2744	svchost.exe	175
PID 3448 set thread context of 1696	3448	svchost.exe	177
PID 4552 set thread context of 2232	4552	svchost.exe	181
PID 4200 set thread context of 3424	4200	svchost.exe	185
PID 1340 set thread context of 4584	1340	svchost.exe	187
PID 680 set thread context of 1480	680	svchost.exe	190
PID 3640 set thread context of 3216	3640	svchost.exe	191
PID 676 set thread context of 1832	676	svchost.exe	193
PID 3140 set thread context of 2132	3140	svchost.exe	197
PID 4828 set thread context of 3952	4828	svchost.exe	198
PID 1568 set thread context of 2736	1568	svchost.exe	200
PID 4016 set thread context of 2908	4016	svchost.exe	202
PID 5048 set thread context of 4872	5048	svchost.exe	204
PID 4112 set thread context of 3724	4112	svchost.exe	206
PID 2992 set thread context of 2136	2992	svchost.exe	208
PID 4948 set thread context of 2208	4948	svchost.exe	210
PID 3444 set thread context of 4780	3444	svchost.exe	212
PID 4340 set thread context of 4432	4340	svchost.exe	220
PID 4552 set thread context of 5076	4552	svchost.exe	221
PID 1456 set thread context of 4240	1456	svchost.exe	222
PID 3288 set thread context of 1480	3288	svchost.exe	229
PID 2856 set thread context of 2824	2856	svchost.exe	231
PID 4420 set thread context of 3140	4420	svchost.exe	234
PID 332 set thread context of 540	332	svchost.exe	235
PID 220 set thread context of 1432	220	svchost.exe	237
PID 4860 set thread context of 4452	4860	svchost.exe	239
PID 4588 set thread context of 1300	4588	svchost.exe	241
PID 4872 set thread context of 3724	4872	svchost.exe	243
PID 4668 set thread context of 4912	4668	svchost.exe	245

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2060	svchost.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2108	output.exe
Token: SeDebugPrivilege	2108	output.exe
Token: SeTcbPrivilege	2108	output.exe
Token: SeShutdownPrivilege	2060	svchost.exe
Token: SeDebugPrivilege	2060	svchost.exe
Token: SeTcbPrivilege	2060	svchost.exe
Token: SeShutdownPrivilege	628	svchost.exe
Token: SeDebugPrivilege	628	svchost.exe
Token: SeTcbPrivilege	628	svchost.exe
Token: SeShutdownPrivilege	396	svchost.exe
Token: SeDebugPrivilege	396	svchost.exe
Token: SeTcbPrivilege	396	svchost.exe
Token: SeShutdownPrivilege	3712	svchost.exe
Token: SeDebugPrivilege	3712	svchost.exe
Token: SeTcbPrivilege	3712	svchost.exe
Token: SeShutdownPrivilege	4080	svchost.exe
Token: SeDebugPrivilege	4080	svchost.exe
Token: SeTcbPrivilege	4080	svchost.exe
Token: SeShutdownPrivilege	4596	svchost.exe
Token: SeDebugPrivilege	4596	svchost.exe
Token: SeTcbPrivilege	4596	svchost.exe
Token: SeShutdownPrivilege	2460	svchost.exe
Token: SeDebugPrivilege	2460	svchost.exe
Token: SeTcbPrivilege	2460	svchost.exe
Token: SeShutdownPrivilege	2816	svchost.exe
Token: SeDebugPrivilege	2816	svchost.exe
Token: SeTcbPrivilege	2816	svchost.exe
Token: SeShutdownPrivilege	4240	svchost.exe
Token: SeDebugPrivilege	4240	svchost.exe
Token: SeTcbPrivilege	4240	svchost.exe
Token: SeShutdownPrivilege	3848	svchost.exe
Token: SeDebugPrivilege	3848	svchost.exe
Token: SeTcbPrivilege	3848	svchost.exe
Token: SeShutdownPrivilege	464	svchost.exe
Token: SeDebugPrivilege	464	svchost.exe
Token: SeTcbPrivilege	464	svchost.exe
Token: SeShutdownPrivilege	332	svchost.exe
Token: SeDebugPrivilege	332	svchost.exe
Token: SeTcbPrivilege	332	svchost.exe
Token: SeShutdownPrivilege	4920	svchost.exe
Token: SeDebugPrivilege	4920	svchost.exe
Token: SeTcbPrivilege	4920	svchost.exe
Token: SeShutdownPrivilege	4044	svchost.exe
Token: SeDebugPrivilege	4044	svchost.exe
Token: SeTcbPrivilege	4044	svchost.exe
Token: SeShutdownPrivilege	2920	svchost.exe
Token: SeDebugPrivilege	2920	svchost.exe
Token: SeTcbPrivilege	2920	svchost.exe
Token: SeShutdownPrivilege	2344	svchost.exe
Token: SeDebugPrivilege	2344	svchost.exe
Token: SeTcbPrivilege	2344	svchost.exe
Token: SeShutdownPrivilege	2740	svchost.exe
Token: SeDebugPrivilege	2740	svchost.exe
Token: SeTcbPrivilege	2740	svchost.exe
Token: SeShutdownPrivilege	3160	svchost.exe
Token: SeDebugPrivilege	3160	svchost.exe
Token: SeTcbPrivilege	3160	svchost.exe
Token: SeShutdownPrivilege	4504	svchost.exe
Token: SeDebugPrivilege	4504	svchost.exe
Token: SeTcbPrivilege	4504	svchost.exe
Token: SeShutdownPrivilege	4624	svchost.exe
Token: SeDebugPrivilege	4624	svchost.exe
Token: SeTcbPrivilege	4624	svchost.exe
Token: SeShutdownPrivilege	2900	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2060	svchost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 3020	1260	d4b14e479e91f770b131d2384cfd31cd_JaffaCakes118.exe	88
PID 1260 wrote to memory of 3020	1260	d4b14e479e91f770b131d2384cfd31cd_JaffaCakes118.exe	88
PID 1260 wrote to memory of 3020	1260	d4b14e479e91f770b131d2384cfd31cd_JaffaCakes118.exe	88
PID 1260 wrote to memory of 4748	1260	d4b14e479e91f770b131d2384cfd31cd_JaffaCakes118.exe	89
PID 1260 wrote to memory of 4748	1260	d4b14e479e91f770b131d2384cfd31cd_JaffaCakes118.exe	89
PID 1260 wrote to memory of 4748	1260	d4b14e479e91f770b131d2384cfd31cd_JaffaCakes118.exe	89
PID 4748 wrote to memory of 2108	4748	output.exe	90
PID 4748 wrote to memory of 2108	4748	output.exe	90
PID 4748 wrote to memory of 2108	4748	output.exe	90
PID 4748 wrote to memory of 2108	4748	output.exe	90
PID 4748 wrote to memory of 2108	4748	output.exe	90
PID 4748 wrote to memory of 2108	4748	output.exe	90
PID 4748 wrote to memory of 2108	4748	output.exe	90
PID 4748 wrote to memory of 2108	4748	output.exe	90
PID 2108 wrote to memory of 4952	2108	output.exe	91
PID 2108 wrote to memory of 4952	2108	output.exe	91
PID 2108 wrote to memory of 4952	2108	output.exe	91
PID 4952 wrote to memory of 2060	4952	svchost.exe	92
PID 4952 wrote to memory of 2060	4952	svchost.exe	92
PID 4952 wrote to memory of 2060	4952	svchost.exe	92
PID 4952 wrote to memory of 2060	4952	svchost.exe	92
PID 4952 wrote to memory of 2060	4952	svchost.exe	92
PID 4952 wrote to memory of 2060	4952	svchost.exe	92
PID 4952 wrote to memory of 2060	4952	svchost.exe	92
PID 4952 wrote to memory of 2060	4952	svchost.exe	92
PID 2060 wrote to memory of 2860	2060	svchost.exe	93
PID 2060 wrote to memory of 2860	2060	svchost.exe	93
PID 2060 wrote to memory of 2860	2060	svchost.exe	93
PID 2860 wrote to memory of 628	2860	svchost.exe	94
PID 2860 wrote to memory of 628	2860	svchost.exe	94
PID 2860 wrote to memory of 628	2860	svchost.exe	94
PID 2860 wrote to memory of 628	2860	svchost.exe	94
PID 2860 wrote to memory of 628	2860	svchost.exe	94
PID 2860 wrote to memory of 628	2860	svchost.exe	94
PID 2860 wrote to memory of 628	2860	svchost.exe	94
PID 2860 wrote to memory of 628	2860	svchost.exe	94
PID 2060 wrote to memory of 4180	2060	svchost.exe	95
PID 2060 wrote to memory of 4180	2060	svchost.exe	95
PID 2060 wrote to memory of 4180	2060	svchost.exe	95
PID 4180 wrote to memory of 396	4180	svchost.exe	96
PID 4180 wrote to memory of 396	4180	svchost.exe	96
PID 4180 wrote to memory of 396	4180	svchost.exe	96
PID 4180 wrote to memory of 396	4180	svchost.exe	96
PID 4180 wrote to memory of 396	4180	svchost.exe	96
PID 4180 wrote to memory of 396	4180	svchost.exe	96
PID 4180 wrote to memory of 396	4180	svchost.exe	96
PID 4180 wrote to memory of 396	4180	svchost.exe	96
PID 2060 wrote to memory of 1636	2060	svchost.exe	98
PID 2060 wrote to memory of 1636	2060	svchost.exe	98
PID 2060 wrote to memory of 1636	2060	svchost.exe	98
PID 1636 wrote to memory of 3712	1636	svchost.exe	99
PID 1636 wrote to memory of 3712	1636	svchost.exe	99
PID 1636 wrote to memory of 3712	1636	svchost.exe	99
PID 1636 wrote to memory of 3712	1636	svchost.exe	99
PID 1636 wrote to memory of 3712	1636	svchost.exe	99
PID 1636 wrote to memory of 3712	1636	svchost.exe	99
PID 1636 wrote to memory of 3712	1636	svchost.exe	99
PID 1636 wrote to memory of 3712	1636	svchost.exe	99
PID 2060 wrote to memory of 5028	2060	svchost.exe	100
PID 2060 wrote to memory of 5028	2060	svchost.exe	100
PID 2060 wrote to memory of 5028	2060	svchost.exe	100
PID 5028 wrote to memory of 4080	5028	svchost.exe	102
PID 5028 wrote to memory of 4080	5028	svchost.exe	102
PID 5028 wrote to memory of 4080	5028	svchost.exe	102

C:\Users\Admin\AppData\Local\Temp\d4b14e479e91f770b131d2384cfd31cd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d4b14e479e91f770b131d2384cfd31cd_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Users\Admin\AppData\Local\Temp\Fortnite Aimbot Tool.exe
  "C:\Users\Admin\AppData\Local\Temp\Fortnite Aimbot Tool.exe"
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Users\Admin\AppData\Local\Temp\output.exe
  "C:\Users\Admin\AppData\Local\Temp\output.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Users\Admin\AppData\Local\Temp\output.exe
    "C:\Users\Admin\AppData\Local\Temp\output.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\ProgramData\Users\svchost.exe
      "C:\ProgramData\Users\svchost.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of WriteProcessMemory
      PID:4952
    - - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2060
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2860
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:628
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4180
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:396
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:1636
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3712
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:5028
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4080
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4964
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4596
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3452
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:2460
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1464
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2816
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4600
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:4240
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        
        PID:2244
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:964
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:3848
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3804
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:464
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:5068
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:332
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        
        PID:4436
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        
        PID:2864
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1528
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4920
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        
        PID:3348
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2568
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4044
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4744
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2920
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4320
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2344
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:5116
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2740
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        
        PID:2196
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1792
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4504
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:844
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3160
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        
        PID:2100
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3388
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4624
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:628
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:2900
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3420
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        
        PID:568
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4752
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        
        PID:2896
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3088
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        
        PID:3640
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        
        PID:3296
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3216
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Executes dropped EXE
        
        PID:364
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:748
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        
        PID:4876
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1892
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Executes dropped EXE
        
        PID:332
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:1468
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2288
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4944
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4868
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:2056
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2908
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4360
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:3724
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:1376
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1664
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:764
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5084
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:2852
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4764
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:2744
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1792
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:3448
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1696
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4692
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Suspicious use of SetThreadContext
        
        PID:4552
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:2232
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4344
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2900
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Suspicious use of SetThreadContext
        
        PID:1340
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:4584
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4200
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3424
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1868
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Suspicious use of SetThreadContext
        
        PID:680
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:1480
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:3640
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3216
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:676
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1832
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3748
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Suspicious use of SetThreadContext
        
        PID:3140
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:2132
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4828
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3952
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:1568
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2736
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4016
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2908
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:5048
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4872
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4112
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:3724
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:2992
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2136
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4948
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:2208
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:3444
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4780
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3160
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1176
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Suspicious use of SetThreadContext
        
        PID:4340
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:4432
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1812
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2996
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Suspicious use of SetThreadContext
        
        PID:1456
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:4240
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4552
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5076
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1080
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:964
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Suspicious use of SetThreadContext
        
        PID:3288
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:1480
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3848
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3624
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Suspicious use of SetThreadContext
        
        PID:2856
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:2824
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2220
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Suspicious use of SetThreadContext
        
        PID:4420
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:3140
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:332
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:540
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:220
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1432
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4860
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:4452
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4588
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:1300
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4872
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3724
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        Suspicious use of SetThreadContext
        
        PID:4668
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4912
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5084
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4696
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2812
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:2604
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1176
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4024
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4640
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4432
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3172
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:2956
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3384
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3916
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:1240
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:964
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3992
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2420
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3216
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4528
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4492
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:1912
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1204
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1528
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:540
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4312
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5080
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3136
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1444
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1784
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:408
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:640
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2584
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:556
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4912
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4328
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:1408
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3656
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:4232
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4612
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2460
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3424
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1792
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3064
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2876
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:3624
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4356
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2408
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3008
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4536
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2824
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:452
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2328
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4868
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:4044
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3248
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4300
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3136
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2136
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1300
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1712
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4764
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2208
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2920
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1940
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:444
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:4628
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4696
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1632
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4232
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1680
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2376
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4664
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:4788
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2624
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1132
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3624
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4940
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2856
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4492
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3032
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3156
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:3768
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5032
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2236
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:2112
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2416
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4748
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:400
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3560
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3636
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5108
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4128
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2352
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4576
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4628
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:3808
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:3024
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3520
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2956
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3144
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4408
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1832
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2320
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:736
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2568
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3140
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1104
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2120
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2236
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4544
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3332
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4748
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:556
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1316
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2604
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:3868
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2816
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4432
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2160
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5076
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4688
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:364
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4788
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4240
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:8
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:988
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:544
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4452
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:3052
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2136
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1992
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4952
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:4524
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2900
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1316
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:1632
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:656
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:448
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:444
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:4432
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:364
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        10⤵
        
        PID:4056
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        11⤵
        
        PID:4780
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3988
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4048
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4936
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:224
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:1432
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4240
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1784
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:2748
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3052
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4524
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3472
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4628
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:1492
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1680
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:3024
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3240
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:4968
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2320
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2928
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:780
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2360
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2112
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4044
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3152
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:1696
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2344
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1564
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4328
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:656
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3288
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4876
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:3156
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:3396
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        10⤵
        
        PID:2120
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2912
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4920
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2284
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:640
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:4748
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:1696
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1992
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4544
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1632
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:4628
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3604
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:364
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5108
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:4244
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2904
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4684
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:944
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:856
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3268
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1316
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:4748
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4928
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3608
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:3812
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3728
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1724
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:4452
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:1432
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3796
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2340
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:2928
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1608
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3096
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1140
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1132
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1316
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4440
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1564
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:376
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4548
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4452
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:4684
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:2748
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        10⤵
        
        PID:4524
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2340
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1432
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:932
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1784
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:1304
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4940
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2512
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:4424
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1548
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4968
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4920
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2308
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4544
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:656
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5052
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1304
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5072
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3140
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4604
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4684
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3560
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1784
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4432
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2512
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:2356
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:364
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        10⤵
        
        PID:4684
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        11⤵
        
        PID:4524
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2300
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1432
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4968
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1132
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:952
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2360
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2928
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:2120
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2976
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1696
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4684
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:376
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4424
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2152
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3028
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1540
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3812
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2360
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2736
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2120
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2444
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3256
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3964
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:2748
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1200
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1492
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:452
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        Adds Run key to start application
        
        PID:1132
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1784
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4524
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:3156
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:4352
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1432
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:640
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:1132
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2512
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2580
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:1492
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2504
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2748
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:2580
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4352
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1132
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4440
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:640
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4408
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3256
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:2540
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1540
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5092
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5164
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5192
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5224
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5264
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5308
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5288
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5320
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5376
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5528
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5544
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5584
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5596
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5640
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:5688
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5648
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5676
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5736
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5764
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5800
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5780
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5816
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:5868
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5848
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5880
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5936
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5956
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5972
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6016
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6036
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6068
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6084
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6120
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4992
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3572
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5160
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:640
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5180
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5240
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5196
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5328
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5336
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5384
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5400
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:5488
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5324
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5416
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2872
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5576
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5304
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5580
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2088
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4088
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5660
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5656
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5676
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5732
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5808
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:5824
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5788
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5800
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5860
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5928
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5880
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6004
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5984
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6020
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:6100
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6076
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6072
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:4056
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1492
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5148
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5144
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:2580
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5340
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5316
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5272
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5320
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5396
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5200
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5260
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5428
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5392
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4348
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5304
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5644
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5680
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5708
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5712
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5756
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5888
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5816
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5900
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5884
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5960
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5872
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5964
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6060
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6064
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6132
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:3256
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6104
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5136
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3572
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5160
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5332
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5248
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:5176
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5364
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5276
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5540
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5588
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5628
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5576
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5624
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5412
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5704
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5680
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5748
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5708
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3700
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2020
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5896
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5932
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5724
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5796
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5952
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5928
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4956
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5924
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5156
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2120
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5136
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5236
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5300
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3156
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5320
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5252
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5384
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5572
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3772
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5684
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5628
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5716
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5632
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5720
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1276
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:228
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5944
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6004
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5844
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6116
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5952
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6128
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6108
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:6140
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6068
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5092
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6020
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5316
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5248
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5276
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5400
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5556
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:4564
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5568
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5704
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5764
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5716
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5840
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5560
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5908
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5912
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6016
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:6116
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:6092
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6028
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4956
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:6108
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:5092
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5952
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5180
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5268
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5308
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5276
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5920
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5728
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3772
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2008
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5720
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5684
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5904
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5864
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5416
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5124
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5960
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6064
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5152
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5968
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5348
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6120
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5524
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5500
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5532
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5552
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5920
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5744
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3772
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1344
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3700
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5904
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        Adds Run key to start application
        
        PID:5124
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:228
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5772
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5212
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5160
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5392
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5424
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2088
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5672
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5748
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2124
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5756
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6048
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6016
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5868
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5148
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5348
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2748
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5556
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5308
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5700
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5624
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5640
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1764
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6048
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:184
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:452
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:5200
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5868
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5480
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6032
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4564
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:212
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5988
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5772
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5384
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:5480
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6044
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5348
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:424
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:4564
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5200
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5440
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5512
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6008
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3724
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5220
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5804
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:100
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5328
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6096
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:2524
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:4976
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5460
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5436
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3700
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5668
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2368
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5260
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5140
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5524
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5464
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2108
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6096
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5492
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5496
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1236
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5668
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:1184
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5896
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5840
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5220
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2124
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:772
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2108
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:5436
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3824
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2620
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1660
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:4296
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5668
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5476
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5468
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1184
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5584
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4976
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2956
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4704
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5448
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:100
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4296
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5476
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1148
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3568
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1980
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:4144
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2108
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5492
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5504
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1936
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2956
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2612
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2524
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5124
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5556
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3568
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5696
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6064
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        Adds Run key to start application
        
        PID:1008
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4144
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:876
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5160
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:3568
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:5448
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5040
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5988
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:1936
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:2972
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6064
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5432
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:3628
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5260
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:2024
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5492
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5448
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1604
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5764
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:5432
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:5492
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:5672
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:3568
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:4572
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:1152
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6160
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6196
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:6228
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6204
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:6240
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6308
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        Adds Run key to start application
        
        PID:6332
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6356
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6388
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6412
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6440
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:6472
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        9⤵
        
        PID:6524
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6456
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6488
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        8⤵
        
        PID:6532
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6496
        
        C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe"
        7⤵
        
        PID:6544
      - C:\ProgramData\Users\svchost.exe
        
        "C:\ProgramData\Users\svchost.exe" 2060
        6⤵
        
        PID:6608

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Fortnite Aimbot Tool.exe

Filesize
305KB

MD5
e16e05780fa2895ceb238e94595beb12

SHA1
15f0cb18a34564967cf5e9ed0a54bdb450060a35

SHA256
77196b773e573996e27d8c0dfc51cee1d56bdeb5b060639fe93ad27c3eafff0d

SHA512
acecce7206158d89e643b16aa19ece64b0a0695bc258b3d7f3c326186acbea1892f89e7df2b9cfa054ee90a2fce1fcb0f87f45c35b7207b042930f5dd5c946ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\output.exe

Filesize
388KB

MD5
325d1e5bc8f10dc98bba785104a9515c

SHA1
f97a9bb6876f9cc5c7ac6e27147eed5196c88811

SHA256
21b8ea301118936c169000e96e78996dde0da5a6c1d25fa2b37ee9fda383411c

SHA512
ee5777b4f9ca26aa851a84e209df5a5bc13abd551740163032e077a9aae00beae0508ac63e8ce4719ae997553eb1f8ccdf73ba3a3d73cf8d5ebb259832f68eab

Download Submit
memory/332-138-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/332-248-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/332-249-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/364-240-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/396-69-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/464-131-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/568-215-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/628-62-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/1260-2-0x0000000001180000-0x0000000001190000-memory.dmp

Filesize
64KB

Download
memory/1260-0-0x0000000075340000-0x00000000758F1000-memory.dmp

Filesize
5.7MB

Download
memory/1260-23-0x0000000075340000-0x00000000758F1000-memory.dmp

Filesize
5.7MB

Download
memory/1260-1-0x0000000075340000-0x00000000758F1000-memory.dmp

Filesize
5.7MB

Download
memory/1480-322-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/1480-320-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/1664-276-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/1696-297-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/1792-292-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2060-46-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2060-44-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2060-48-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2060-50-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2060-49-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2060-52-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2060-53-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2060-54-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2060-125-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2060-47-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2108-38-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2108-32-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2108-31-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2108-27-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2232-302-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2288-254-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2344-171-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2460-99-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2740-247-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2740-178-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2816-106-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2896-222-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2900-208-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2908-264-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/2920-164-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/3020-113-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/3020-39-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/3020-42-0x0000000005160000-0x000000000516A000-memory.dmp

Filesize
40KB

Download
memory/3020-45-0x0000000005400000-0x0000000005456000-memory.dmp

Filesize
344KB

Download
memory/3020-98-0x00000000722D0000-0x0000000072A80000-memory.dmp

Filesize
7.7MB

Download
memory/3020-58-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/3020-25-0x00000000722D0000-0x0000000072A80000-memory.dmp

Filesize
7.7MB

Download
memory/3020-30-0x0000000005780000-0x0000000005D24000-memory.dmp

Filesize
5.6MB

Download
memory/3020-129-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/3020-33-0x0000000005270000-0x0000000005302000-memory.dmp

Filesize
584KB

Download
memory/3020-26-0x0000000005090000-0x000000000512C000-memory.dmp

Filesize
624KB

Download
memory/3020-24-0x00000000006C0000-0x0000000000712000-memory.dmp

Filesize
328KB

Download
memory/3160-190-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/3424-307-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/3640-229-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/3712-76-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/3724-269-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/3848-127-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4044-158-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4080-83-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4080-84-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4240-114-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4504-193-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4584-313-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4596-91-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4624-205-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4764-287-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4868-259-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4868-312-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4876-242-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4920-154-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/5084-282-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/5084-281-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads