General
-
Target
red.zip
-
Size
7.2MB
-
Sample
240513-hwaf6see77
-
MD5
5c11f61a444a73d448f0d97e102bbb19
-
SHA1
c6371282cda2168be1eb9bfb1599cca28209d558
-
SHA256
54a724762de2b08068bc2bf0fc6c7404bb89bdf62f75cac32b4fb8687c10c747
-
SHA512
73edb556643b78bcdc203ab4f98dfbf620c6965b694170d9fd713c0761c409dc61bedd35352b8c5b74dcac7492ea4d97a60da19a91083a256e8e6631c17a67fb
-
SSDEEP
196608:v94YhswUyeXgSy4T2wh3YNuhfTOq/yqZzE+wZvK/MgQuqwSc:FXuwely4TFYgrH/yqZzE9K/PL
Malware Config
Extracted
redline
masha
77.91.68.48:19071
-
auth_value
55b9b39a0dae383196a4b8d79e5bb805
Extracted
amadey
3.85
http://77.91.68.3
-
install_dir
3ec1f323b5
-
install_file
danke.exe
-
strings_key
827021be90f1e85ab27949ea7e9347e8
-
url_paths
/home/love/index.php
Extracted
amadey
3.86
http://77.91.68.61
-
install_dir
925e7e99c5
-
install_file
pdates.exe
-
strings_key
ada76b8b0e1f6892ee93c20ab8946117
-
url_paths
/rock/index.php
Extracted
redline
lande
77.91.124.84:19071
-
auth_value
9fa41701c47df37786234f3373f21208
Extracted
redline
mihan
217.196.96.101:4132
-
auth_value
9a6a8fdae02ed7caa0a49a6ddc6d4520
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Extracted
redline
kira
77.91.68.48:19071
-
auth_value
1677a40fd8997eb89377e1681911e9c6
Extracted
lumma
https://acceptabledcooeprs.shop/api
https://obsceneclassyjuwks.shop/api
https://zippyfinickysofwps.shop/api
https://miniaturefinerninewjs.shop/api
https://plaintediousidowsko.shop/api
https://sweetsquarediaslw.shop/api
https://holicisticscrarws.shop/api
https://boredimperissvieos.shop/api
Extracted
redline
roma
77.91.68.56:19071
-
auth_value
f099c2cf92834dbc554a94e1456cf576
Extracted
redline
krast
77.91.68.68:19071
-
auth_value
9059ea331e4599de3746df73ccb24514
Extracted
redline
grom
77.91.68.68:19071
-
auth_value
9ec3129bff410b89097d656d7abc33dc
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
divan
217.196.96.102:4132
-
auth_value
b414986bebd7f5a3ec9aee0341b8e769
Targets
-
-
Target
062bf5eda95fa04c7146882ac1efb5ae43eaee0cd4c121db8c1c2edf9412932b
-
Size
1.0MB
-
MD5
22b5f7bbf08fd60f2ee850f51efede9e
-
SHA1
9ad6d7fdfda1459be16d4e59547a0d933f7c9551
-
SHA256
062bf5eda95fa04c7146882ac1efb5ae43eaee0cd4c121db8c1c2edf9412932b
-
SHA512
6fcb688dd391ed951fef4cd75c8935f65dde1f99658eb8b3438f40837050eb77cdd5425b0325c0b4df069a8dc83bc9ae53d464612f76ebb4914f222f22272744
-
SSDEEP
24576:XypmCQ2FZ4/Ldo7RGJawprnjhmJcVGTEq:ivFsLdQRIrjYc7
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
16b83c892688e1869a75fcf88075e1a7a0983c284c41a7ff721e23cb6b9c9f86
-
Size
389KB
-
MD5
1e6d0394a9335f03d83a7f498df12ec8
-
SHA1
aa25774159336873d0799b11546d7cec88ebca87
-
SHA256
16b83c892688e1869a75fcf88075e1a7a0983c284c41a7ff721e23cb6b9c9f86
-
SHA512
4bb7c4a3706e4056f6cc38e46dafab8e6bd463a148d5bc46197f7957f750d51c6d98903eeebe5b560283d1e15536bebad88c364e3776d5b804d99f36b8a17393
-
SSDEEP
6144:Kqy+bnr+gp0yN90QE+rBmAS9kW2PZNK9zG1evw+IsQnjCgK83sE6ZnRC7D4I/FWB:uMrIy90wsAS/kBQk6o7D4I6d
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
1d059ca891566e0006cb4534dc4ff845fedd1d3d468c12366e12f98a815ed7d4
-
Size
389KB
-
MD5
2983d487675b8e857be5cc87ecf3a3f9
-
SHA1
5dee58d99ebb08bee6f7210ab933e0adeed7930c
-
SHA256
1d059ca891566e0006cb4534dc4ff845fedd1d3d468c12366e12f98a815ed7d4
-
SHA512
f547d694a853e4f0924f54cd7d22d7b384b15e58b45749947df5a5b44c9981d8319c6a537c8b3e517e1ece5de8be98bf95251aee51258bafd948bad269e8b866
-
SSDEEP
6144:KOy+bnr+ep0yN90QE+d2iPWnGyF4ts9EO6GGvo5o8egBZ+t4nDSKWWE3k33GMC:iMruy904d2om56j6RegBYCnprKk3O
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
51d640efcf425557c7e898a690d229994ff2fc0610138596398e8cdd60583244
-
Size
390KB
-
MD5
29559e945f56a313b5e9264dd6ca7a3b
-
SHA1
008abf8dd4f1da5ce1cac168e042ef8bcee54607
-
SHA256
51d640efcf425557c7e898a690d229994ff2fc0610138596398e8cdd60583244
-
SHA512
f2dd23e29d5ef28323a0b4741e6ab5c79deeba8dd27bc0565826700e87350ab5f74059e669be30f28054e2e52af57519193099abe75b56be2f65d7071542c14c
-
SSDEEP
12288:TMroy90EgA20duD7uAomGFLqcHnl9movoHz:LyVgAy7uGGFL5Ha
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
68c37c83076969c58d0363958646c7804b3b22fd50f04aa720bc28b07793816a
-
Size
514KB
-
MD5
805f458c4e4cafdc121c09022e7065a1
-
SHA1
a7876edbb4b0df6770d9de1b3eec3d10b9341f0b
-
SHA256
68c37c83076969c58d0363958646c7804b3b22fd50f04aa720bc28b07793816a
-
SHA512
49ae31bcc03ce37884dea632ae0e2f2b46a145d2fbf081f83ab9854aef849a6988a3bc614676f50c9ea2fa209fad269cec271fffaa08fdca610494aea4ecc840
-
SSDEEP
12288:6Mr+y90vfhcrO1YnhEibozGpgA5UcjKy+:8ykfOrcYloyaKKD
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
764d92d88ba9348555a1351396433cb6b93afd1bc3dcf27a5a06c2bb7aed5c5f
-
Size
515KB
-
MD5
2154ece6d371bfbe7b76969405904f7e
-
SHA1
39f7c2f9abe69a8dc9b42853d10e330b93c9858d
-
SHA256
764d92d88ba9348555a1351396433cb6b93afd1bc3dcf27a5a06c2bb7aed5c5f
-
SHA512
da64833b8c9a80598631242e5649164230f586d26e6171af7fac767496319a2e7147df082f7294a7faeb6e97843c03f4031ebfac1244ffab3804102e293a857f
-
SSDEEP
12288:ZMr7y90W5WJa5xOzgYAkrlzdEEcjXAyEc6hoMzR3VFKTv2h:uyfxOpRzKEOAyEphtzhrKTg
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
853890cb435781965f3dc9618397058d03c8d3e59706ede7d308b4afe12cbe68
-
Size
514KB
-
MD5
1e403ea018e300ab5fa01dc6722fd8a6
-
SHA1
b84fea8ce4026eb79d8048b8c2af1d21ecf1364c
-
SHA256
853890cb435781965f3dc9618397058d03c8d3e59706ede7d308b4afe12cbe68
-
SHA512
51c703ee4d4c66c3c94d54f96691490b9dddd2260472b48f728f09712b081726e60bc6e1a1df1fe4306b99ab594065512bbce2f44587be7a7461a53dd7c6e244
-
SSDEEP
12288:fMrdy90UdEtCZ8v/PXBqYmXzGNmIubtV4xM6ijMEV:yy7ut3nx0XKNmIucBEV
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
94cb7f4064a3c804b1fa19c3f5dc17ae361ced8153e20bd02842c65e16d1e3ae
-
Size
307KB
-
MD5
24113d3ed2dc8ba8789b2874addb0750
-
SHA1
2901dff1dd1b5b619d48c8d04d22c185922e651b
-
SHA256
94cb7f4064a3c804b1fa19c3f5dc17ae361ced8153e20bd02842c65e16d1e3ae
-
SHA512
409754870b1cf18269d84a798f69e11cb54540d12217fc0674524ef0e3d42ce38d199d45b7e1b7cb96a70fff87704561b6208bb58bc2628881b9a3d7422aecc7
-
SSDEEP
6144:Kxy+bnr++p0yN90QEA5F5OYc1u31g4TBylzQbR/JOF:HMriy90mxc1u31TTEtQb1JOF
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
b37eb33077f476edc8499adec33a790467d8728ec752146ca687a56407fc5af6
-
Size
307KB
-
MD5
235ce5bf310f42d5677df1efbabbda6b
-
SHA1
2463a0dbf1fa683da0fe57a1d146ac7540be2979
-
SHA256
b37eb33077f476edc8499adec33a790467d8728ec752146ca687a56407fc5af6
-
SHA512
cb5ca76c4ccee243caa978550fcbd611cbf00fae872e3289cc429fd834f49414aeca54db771b3b4c1089f644735b05f8611d2ea192f053c9f29a3ffa0edafb74
-
SSDEEP
6144:KUy+bnr+op0yN90QEm5F5OYc1u31g4TByeLlzKwFZYXeS46:gMr0y90Yxc1u31TTEeLlz5kl46
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
b813f799e9c2f3b9ed25625bea968e14cbcad8bb1b3918ebcd79f631192ca017
-
Size
235KB
-
MD5
2180205f8ead587dd56762145e7f784f
-
SHA1
401ccddf09243f26c09e7c8b2d8bb49552835010
-
SHA256
b813f799e9c2f3b9ed25625bea968e14cbcad8bb1b3918ebcd79f631192ca017
-
SHA512
138b9393f587ff03c898e001f3d0c7d12a480dfeed417c6c7c22ff3dbd319a68e8ec977e0c0fcd951e3a18676f3ba0e127bc5adc3b69fe0f7bf43182a4fbb32a
-
SSDEEP
6144:KOy+bnr+Vp0yN90QEchQmyJXNcrGFySYCcHnlRHw7:aMrBy90mC+rGYYcHnl90
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
c1a9af1ad640c504ed95e8f26021a55d127de1e35d0794f2bdaddd1451de08d5
-
Size
390KB
-
MD5
27244e5f630cfab1b514ce4d15b1028b
-
SHA1
36c5eed78b2ce9e253c2e176e6d6ae6a8ab849b3
-
SHA256
c1a9af1ad640c504ed95e8f26021a55d127de1e35d0794f2bdaddd1451de08d5
-
SHA512
2cdcfee74150bcd5e656009d0b701b8b972a8844f3b4fe48708aea1d7883c92286ed0368a6b24efa0902ea2c99dbe97a48a06ddccd69543cd6835f4023b3a7c5
-
SSDEEP
6144:K6y+bnr+rp0yN90QEO8EikWGjZNJkp7w8ZWj9jJAVmAAhKAU4u:mMrjy90FEMvWj9jJrhKAu
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
cc6d978c1f4f3ff1c9f85ac715299464b6b106c70aeb9adce32b6d355ba45721
-
Size
309KB
-
MD5
290ff81ba12e0d1d1a636eb5a3de8823
-
SHA1
98ec545dbb97f4b7c55ee3fc91afe85d8e2d60aa
-
SHA256
cc6d978c1f4f3ff1c9f85ac715299464b6b106c70aeb9adce32b6d355ba45721
-
SHA512
f168ae49314180c63bd492aa57a7f74b629f4a4398772ade9e4cc9dbcf3e8f8d228beb23c81a668edc4351c892e32c7c0867f91a77a6a667d7151ddbcec2e6f4
-
SSDEEP
6144:KUy+bnr+sp0yN90QEM5F5OYc1u31g4TByQpv2+YtIpTA:IMrQy906xc1u31TTEQh2HtSA
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
cfdc6cd562d69f4233d6d8bcde44d4bd5e6825bd17383e6bb2f76b9fd006ead3
-
Size
514KB
-
MD5
2993a209322f7d93406fd78632f4a545
-
SHA1
e141503a5dc185ee91e131b8404ee5f563ff1cd1
-
SHA256
cfdc6cd562d69f4233d6d8bcde44d4bd5e6825bd17383e6bb2f76b9fd006ead3
-
SHA512
cb8d9e79b3ed4ba5711cd8933590ce1dd9e349f7a399c38650a1b3611c4a50a415f0b7de91701f3e77e8297d38bb433fc7fb3d53cfd1e46e76f99772aeabfc3b
-
SSDEEP
12288:cMrzy90i9beiGTgODcYq3pB/npmVb66azq:vy/bhGT5Pq3Lhm/
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
e81854abc9bd7ae970c918e0839982609691e44919d3a96eee12840676c28e1a
-
Size
1.0MB
-
MD5
250d1ecad815535932db86d951b6f70d
-
SHA1
9d56851eda02a979043c33ec98883e2655bacc30
-
SHA256
e81854abc9bd7ae970c918e0839982609691e44919d3a96eee12840676c28e1a
-
SHA512
ede2fc99fe086f427355d95e2b4fad0289da828f3105c5c2b9b48a8aee213928299725b55d066df7ce2f3c139ecdf38ff418bf20ac36244678f0f0d0a7a05c65
-
SSDEEP
24576:wyt+dYi+Bu0wW31dx/UEvzxRTkICQ/digppmVnXrBh:3tmYiN0t3VfB5VdpAV1
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
eaef827c83066a0c63b264b2910364be1a6d933a04f4d9f48d9610d9ea2cc465
-
Size
521KB
-
MD5
804f822677de79f678f189d03a3dff8e
-
SHA1
3b44bae19603206607b649854c5647977cdf8342
-
SHA256
eaef827c83066a0c63b264b2910364be1a6d933a04f4d9f48d9610d9ea2cc465
-
SHA512
1bb48995379688c2c6c5434f01dff8bc1d8ff63c1b9c1135452309fc76a2c94ee20f535b7a3d20db096809c0da4559b21c2382cd5d959b89799509e60a0c76a8
-
SSDEEP
12288:C5w2J603Ipd5YygcklMzX7/8JgNW8a7V+tQbkdDGrHO3kv6hd0Xp:C5wg3IXzqfgKodDGrzv6hO
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-
-
-
Target
ed835b70d57f3901ebdd0814415cbc64776d5bb9ee43a7077c0894540d7dde6c
-
Size
390KB
-
MD5
2115f838100aacbc3124baa1083c9d98
-
SHA1
7eb9e1272fdcbc6deec8fbdc06d609c69a0a88fc
-
SHA256
ed835b70d57f3901ebdd0814415cbc64776d5bb9ee43a7077c0894540d7dde6c
-
SHA512
7a8645ad4437cfa1833f826b9ed83dc329ecf14ceed774d5aea2982f305ee3c89cb69f4a72e31e4d78bc8ecb70937198a732c36e5b0914cce9f42fcf18bfd8d2
-
SSDEEP
6144:Kwy+bnr+Qp0yN90QEHQvEyqANvRS5KRQrw6kd7lmm39LBGGHlXve5oGvAe:wMr8y90QEyqANc6Qr5KAm9HFXaone
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
f48c36cb917c3b50876b9e4240a3abaae73007be0713d0630ca8279bfae862ef
-
Size
359KB
-
MD5
2787331b97e3aa4d3322ea6e057cdbde
-
SHA1
63a7e7bc5543dd7d46541dcedc7c75137d347fe0
-
SHA256
f48c36cb917c3b50876b9e4240a3abaae73007be0713d0630ca8279bfae862ef
-
SHA512
683f3aec82d00db1e691311a6e770a7ce828bb64cd1672261e9454d50580c7957d76f31b173b74f7fc1a14359b328970470b3002a74b09997f276503b5692bff
-
SSDEEP
6144:Key+bnr+Ip0yN90QETAAaLHM+RkWt7ZNm8gbAm6NzpjsRsyDDK16sP4/7lw4t:2Mr8y90tAAao+ObAmmZsWyK1b4/7Ge
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
16Windows Service
16Boot or Logon Autostart Execution
16Registry Run Keys / Startup Folder
16Scheduled Task/Job
10Privilege Escalation
Create or Modify System Process
16Windows Service
16Boot or Logon Autostart Execution
16Registry Run Keys / Startup Folder
16Scheduled Task/Job
10