General
-
Target
r.zip
-
Size
8.8MB
-
Sample
240523-myyn1adg33
-
MD5
3af2603e2b171e3f754e890166aae7a0
-
SHA1
3760376cf338f20197edcbd49a7c4fc490af0091
-
SHA256
e660be79de0932d6c5c0f1b65dc5d842ed790962625d5dd8731c30f46ae264a2
-
SHA512
88dce02d2c8bd667b310dab3e3c348ee20e30cebf97dcee2348eed81c7e24b01cacaa49d3d65916461ba63bc67e7e6ee63195e2cbac936b12ae5ce68fc72da6b
-
SSDEEP
196608:1i1wRlpx8FnIg3IXFyPuHjD10EuDl4fSmYC35eMFSwT0nxX8I:WupSqg3SgPwF0E0l4fS6nYxXZ
Malware Config
Extracted
amadey
3.69
32c858
http://77.91.124.242
-
install_dir
550693dc87
-
install_file
oneetx.exe
-
strings_key
148c8260bc34f461da3708ace57fdffd
-
url_paths
/games/category/index.php
Extracted
redline
virad
77.91.124.82:19071
-
auth_value
434dd63619ca8bbf10125913fb40ca28
Extracted
redline
7001210066
https://pastebin.com/raw/NgsUAPya
Extracted
redline
5728088920
https://pastebin.com/raw/NgsUAPya
Extracted
redline
moner
77.91.124.82:19071
-
auth_value
a94cd9e01643e1945b296c28a2f28707
Extracted
redline
5345987420
https://pastebin.com/raw/NgsUAPya
Extracted
risepro
193.233.132.51
Targets
-
-
Target
005cc897c6fa2cdd0e0e44ec50a4f2ff3e7fa8269fe1ec09728e601cc06d9e01
-
Size
283KB
-
MD5
ab86908cd76d8fb31acbc81f1d0e717f
-
SHA1
9305a283901636088d83878f39be40f161b4d3ec
-
SHA256
005cc897c6fa2cdd0e0e44ec50a4f2ff3e7fa8269fe1ec09728e601cc06d9e01
-
SHA512
19d5256e60f3b6d823750458897cdf3e527c57cb3fd660ecc879b6bdac01a6422bbbb55eea3bc55df8da38db36b542ddd414acb0f781f30ed260244300d76e90
-
SSDEEP
6144:cXTGyOUIEvHeY7FaDeSqq3SD5eP6pwMCPuAtPAJPCiaoAckl:cayOFEH9eiD5Dwf+xCiaoA3l
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
0f5dadb4ffffdd1baa1ca124e7bb4eaf0a415a1b71fc3e54a6944ac0f07a7cd5
-
Size
271KB
-
MD5
5af274b4ec34f8ca1aa618b4683ca763
-
SHA1
560dfe709ea698121da7425ee91c19d6a590c128
-
SHA256
0f5dadb4ffffdd1baa1ca124e7bb4eaf0a415a1b71fc3e54a6944ac0f07a7cd5
-
SHA512
ca99f4d57e2af2f5a5865d90411b563f6055cf78b0dadc399eaab2e186185ecc76c554766d7d9b15bbe21fcc37bcf11a1b6124d2191067085ffe4e495969a1ff
-
SSDEEP
6144:Kcy+bnr+fp0yN90QE/d3Y9n7/kYcDBn0X9sVhLnK:wMrLy90Zdo9n7+9n+9sV1nK
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
15191ca5733dc24267c62d313d67d3b681de7a4926e8471dff771f7f746cf345
-
Size
696KB
-
MD5
1e67de39f39ec0ebf57a99f3c9792db4
-
SHA1
d48b53c6db8b76e897bed7fcf4d71a4b251761e2
-
SHA256
15191ca5733dc24267c62d313d67d3b681de7a4926e8471dff771f7f746cf345
-
SHA512
207f4467ff437c5ee0c1bcfffbc4c9e04730f4425675284a796d139fd7847b5860ec0e519d0bddf522c5d61fd1e8b6b1843a4ca647655e470d223782e5408576
-
SSDEEP
12288:nMrfy90WDGzmGYraY2DHabvD7z61CHlrdMJY1v2w7N2dnPcAXej5+uttq1:QyrMmGYranDiYCHvUa7Y0AXw+utk1
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
1f1cdd32efd5cdc4a70d77af2754296f6ddbca64d78c083caa19118964d61da5
-
Size
273KB
-
MD5
9eb90d3a283b6c0a51d202b34bce84d6
-
SHA1
3e17c2aa3112209da575be3ffc32e8afab044c15
-
SHA256
1f1cdd32efd5cdc4a70d77af2754296f6ddbca64d78c083caa19118964d61da5
-
SHA512
926ec63964194e962605a0a11eee363fc12039c81f2f693be27f6a1cae00411c8df7eee0efdd4ad5f9efd5d20abb4d12076ba18a57708b92879ea1ec9ecb9f25
-
SSDEEP
6144:aKePsi5kV1JFQRlai+JIPzazXQtZ8/6Xhk8MZe9a6n:HePs6pa5eTa/8VMKFn
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
33277efd72a246f701b9c69dc414ee0ebab7e3cb5f576fa767dd942f09ac2dbf
-
Size
273KB
-
MD5
c296de24cfb32f1d09275c9b40927968
-
SHA1
f6c706e5385f58f9c2d7a4d985939fba186cd516
-
SHA256
33277efd72a246f701b9c69dc414ee0ebab7e3cb5f576fa767dd942f09ac2dbf
-
SHA512
5ac2fb1b8ce388eb499bd5044e724a4e85eae9bad3fdb93c7442caf6741544e7a6c00c7b89902e2b899e0d8f9e2c5fbb099a651085bfad7ab7716fc28291497b
-
SSDEEP
6144:K3LM7xuP5m0WGhvTd8AvI9S3XXv2o+T5Zsf1SKMZa6n:eM7xkPPvrv2o+T5ISK+Fn
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
39b1b5acca4de23a0180f902e3a92a03033ff877100271cfa20f0e782d62e989
-
Size
775KB
-
MD5
518d56de794e08273f40085fc2be0acf
-
SHA1
d115261637ef8a238a243688c3ca02fd7d6bb5d1
-
SHA256
39b1b5acca4de23a0180f902e3a92a03033ff877100271cfa20f0e782d62e989
-
SHA512
0356446ad9aac3c448e19d06e79748619fed711571b770042ee504449b4cb25b7d866fe61538f7277104d6d300390ca7e0d089e6187b4b5932537ef47a6e128c
-
SSDEEP
24576:/yhXtYjSDrBNRzGDFv1JkyKbo+2VV+C01:KhXtY+5NwDVDrK8+22
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
41914bb3aa2d5a67292b5d348f81c71672076d674269fd9bfcbdb103aebf3d45
-
Size
573KB
-
MD5
0c7a698755d3a0db87584d0d86523f1c
-
SHA1
947927f32c7cb1d2a9d7fd43740d648a549b16ad
-
SHA256
41914bb3aa2d5a67292b5d348f81c71672076d674269fd9bfcbdb103aebf3d45
-
SHA512
2ac6520c11a105ca384285531c7667c042a37e856b568f2e4be758ec96cf4941450bd3a33877fecd7a9bc3ef20e16fc0c10b98badedcab7fbdcbdeceb79f4d28
-
SSDEEP
12288:sMr6y90K4gJ+5yAyRaogaODZ6ELUn4UPljBancq:2ywyiaU3LI5Pzacq
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
4dc93952d5fe7ecacd61cc033cbd3cdb682618f54ff89b22880ba0684a40e205
-
Size
769KB
-
MD5
a28e02cea1b7ab4227eb6f443baaa343
-
SHA1
4e453fcdee3aa118a5309f8c4001d6348a153df2
-
SHA256
4dc93952d5fe7ecacd61cc033cbd3cdb682618f54ff89b22880ba0684a40e205
-
SHA512
daffff5dcddf3ac30b09019d9fbc0a0fe5d73de9a91bf192d2947f91f4cb1adb9e3c5142bdb5a373b203aea47fb7c35c5737aa60bbd03b3ca008f3de55e8b1dd
-
SSDEEP
24576:AyAg9hkKCZrEzgPM+sf19KHtnLHJiLLx3Zm:HAumKVw29KNnNi3x3
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
636c6831e9337ae0be8ccc466e94bff1945dfb0b1bb8dad69a2978f68f48512d
-
Size
493KB
-
MD5
a6b7191b24acf40a0f0b7db4b471b265
-
SHA1
3abf85119b6e3fa84b0372ebcb1d3a5dd0773664
-
SHA256
636c6831e9337ae0be8ccc466e94bff1945dfb0b1bb8dad69a2978f68f48512d
-
SHA512
e23a604bf582fc0c8e9b6fcbd54567dfc9e464c489fce9d8d0b3741fd9333ccced07f5e1d6fa6653d81424d7ef4112d6eb15f5380a7d2b4014deab5719f832d8
-
SSDEEP
12288:EMrsy90tdTf27By0GK1hLrnsv2NCBiBC:wy69wBy0GGhLUZiBC
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
6371475aa9cb4cc2dbcc2fa375c4d6e0f02eafc68e30119f4364189b97538dca
-
Size
485KB
-
MD5
8548c9d6597f60496d3b8e15be1ac20f
-
SHA1
2baade3fb378f47da5a11afda54ad56c7ae6f070
-
SHA256
6371475aa9cb4cc2dbcc2fa375c4d6e0f02eafc68e30119f4364189b97538dca
-
SHA512
5f4db26625ece8936a034f4ba00cd8e3fe7fd8624b649b56a5a758dbdddb5a1e1bab5c2639949c12b42dfed5ec7ce093a85fbfc488ecc51862315113e40fcdcf
-
SSDEEP
12288:vMrUy90Y4hLpXa8I9oom7Fn3wW/4p0N8nDU9n:Ty9uXBI9ooEFn5ApxAt
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
6d98d2425aec61b790c642e31bda2ca87b98b6470b4dd60c08de1708587f1411
-
Size
283KB
-
MD5
e8e1f842a6c56744e343b23f3be67295
-
SHA1
e368eea735a1a1c8d6201a53e980172a9de93080
-
SHA256
6d98d2425aec61b790c642e31bda2ca87b98b6470b4dd60c08de1708587f1411
-
SHA512
64e8ac2ccb1ccad5e6f650a3b10592df01030de272242a06fbd83b83906090bf51339561990f04e8fcd84a8c5c1a6473713bf704367502557374cfba21044b1c
-
SSDEEP
6144:dqO2Lhs4EPCeAr9iTmdqJ3Kr9LVszzGltO8jh+ynEl:duLhtUCVSaVenGJMFl
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
7d593823534c8bf5350a484383ae4c14165657f28d693b17a2faa06916c58289
-
Size
283KB
-
MD5
5590a27929430a95249d64c3ddbdb80a
-
SHA1
6febcbb5f7988dbd48ba56132304ea6fc5cd5328
-
SHA256
7d593823534c8bf5350a484383ae4c14165657f28d693b17a2faa06916c58289
-
SHA512
621b089c9b95695775284a34d6a1c6662ead12bc0eca018b7b025b74b9250e7428930ca7b965dc7758b160a3038ee32426555b24e39676f7fa9780debbe09500
-
SSDEEP
6144:Ajq2C+M4EPVegrdCTGiqa3n3tsIpy9RbM9JzEl:ArC+NUV12X9sIoRbM2l
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
7e9155d19244bf4b3b908d8e3f9ee675fe08dd54149e960aadc1447230b8319c
-
Size
492KB
-
MD5
5b0a257bf59bde11e4608365566bbb14
-
SHA1
6ad284fb11504b87efc4b1ea8c72eb851e2be77a
-
SHA256
7e9155d19244bf4b3b908d8e3f9ee675fe08dd54149e960aadc1447230b8319c
-
SHA512
0b94bf361b4f07a6916422abc49b855e018fa42b84776a799088b92675d7a53cf9de89ea5fb015f1299b632e46f0709b841ab92435cb4b62d31f7284b8316c17
-
SSDEEP
12288:1Mrey90jvd26ReJpsOSbey19hEYqyoCsYdf:TyyoXJpsOS9jz3d
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
817be3f5a49a23d678fd0cb76bb61abf50214569606ac3d0d0600befd2d9c787
-
Size
769KB
-
MD5
5ceb022d8f8bde2558382ff1740e4f74
-
SHA1
6e154dca96db9d140004d3b4e94afc45324b900b
-
SHA256
817be3f5a49a23d678fd0cb76bb61abf50214569606ac3d0d0600befd2d9c787
-
SHA512
0f9db2d85dde092ba468d9b87639241088fd5ec601cca79fc60040a28a2560c03667c2d8ab7b36f000ae8b4cf726ae728635e65d0c35a1b0b6546c04d8d41632
-
SSDEEP
24576:5y2FbNBLcOOsSAoKKkGqUoD0x8n169Eimzsw:s2FbNBLcOOuKSn9Xs
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
84d690a678e5c3055ce0a83992c921f35e5bf7b165506a695de85c34cf7b138a
-
Size
662KB
-
MD5
8df33ce8eb6e2fc9f9cd72481a3abf11
-
SHA1
5a41106311300a7cf84d02ea3692a9eab1dddbbe
-
SHA256
84d690a678e5c3055ce0a83992c921f35e5bf7b165506a695de85c34cf7b138a
-
SHA512
6cb9024a6b69ec9a4a7b0a6f563b61cdb081a16932a1485028ba3209d2a66adef0dc8d7789133f6bb7d88b7ee93d68dd83e875adb85a5d5eb4e14a7776497fe5
-
SSDEEP
12288:3MrEy90XWNlckmX5WMBu4F4SPzNIoPdH8Xkfg+PcWFNqM4tZpcn4sUAha:Dy+SlcwALWk5VHVfVPcqcMKpcn4sUv
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
8a833f1e2a239f2ae11656b13c90eb1a39d92f5fca65599dbebd1081f208469a
-
Size
663KB
-
MD5
e566265d78c322e23d79116152198543
-
SHA1
ada98af08c225f8f2cdb456ffdb402fa64acc860
-
SHA256
8a833f1e2a239f2ae11656b13c90eb1a39d92f5fca65599dbebd1081f208469a
-
SHA512
3a1f0ded8a5d16a4b70995a95deca0fe260f415cbe442a223d78498f5805996e760569c9c76a52b5bd6c9e6ae811f36d62ec4d9bb3c1b04efe52f95a24b3e7c4
-
SSDEEP
12288:SMrdy90qsvZCjRWhybFwloA2WdotkaZHtr7OBu63VhdAzVQm6vF1sQ0OU2l8N:zyiCjRWhKwoAVmt/ZHoBRV6um6vFzzpa
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
a6207c613c2f1beb9db6fd16ae372212cbd82f73a8c94afafe4c867a27518304
-
Size
273KB
-
MD5
a972f14351dbfb8cf0f4f36b815c340f
-
SHA1
693b785f30834b9ee17875c415e5f5a9187eac7b
-
SHA256
a6207c613c2f1beb9db6fd16ae372212cbd82f73a8c94afafe4c867a27518304
-
SHA512
57a3a8dd035e27db6681ab60e07c374e6967c2ba3baccf1c5b495f24824a65ede370d3299337c51bb6837b73938d626d95d33ae91827d79475425583869cbf1e
-
SSDEEP
6144:DqePsi5kV1JFy070vzu3PQ5AGVpyWKe9a6n:2ePs6xru3KAs15Fn
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
b843b5d1795644ec9e6dd14071ee33ee66683585f07a6c89d61ec113d763d278
-
Size
663KB
-
MD5
238b4b74881d18adce47b5f3aab7b845
-
SHA1
4cfbfff0dd0e1319883811ffeacf67630b321411
-
SHA256
b843b5d1795644ec9e6dd14071ee33ee66683585f07a6c89d61ec113d763d278
-
SHA512
a2c2810aa377570f4108027cf1da051bb8fa270731ee1945f34fe16b12da9fcf1192d89102e8e88f5c077249cd8504650b4a2ddc94a279c9a9a0b3750c153fb2
-
SSDEEP
12288:VMrKy90ePhiqUgy3QDdoUqNChDe2LB0SEwToQetkaO:ry3pik5mUCEWSFTo/q
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
bc0a361a973318fa776eb3e7f9c88901ca8d1d588434f1df0348b63576b6412b
-
Size
326KB
-
MD5
7cb0300735975423f301d6388b45f117
-
SHA1
6f080e78bf293f5611c51f21a8675155132ef1b7
-
SHA256
bc0a361a973318fa776eb3e7f9c88901ca8d1d588434f1df0348b63576b6412b
-
SHA512
496b09eb6d739e7a701fcd31695661a28063f14071b683d01508d756621d626420c4a279abf44d96f9496307e5f84a6f756f070cdf1240cb88fe0bc8118b8379
-
SSDEEP
6144:K8y+bnr+Jp0yN90QE2IwCaiWsHRcVGPGEAChBeMymVtQ:kMrVy90xIsHRcVuG3ItQ
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
ccede3ed348e14362603f903262b1aaa83c22032a82a06b2b9e809756507f214
-
Size
768KB
-
MD5
a10dbc94561cd3672ce8a66c98c7cef5
-
SHA1
f5b9d25680172f08547f81555e1fbae71aea7645
-
SHA256
ccede3ed348e14362603f903262b1aaa83c22032a82a06b2b9e809756507f214
-
SHA512
421dc7e3eac547f84a76be77b186d84fb520066ddbe9a2c55cef98364fb5f81a3aca9242f6e4b06c82740ea4263bbc679344f6bd7dbd12151b2ca34be8a0f455
-
SSDEEP
12288:VMrzy90B7tZfk4w5OFKJZQVHqtN/kwjztmrR99wk6nDwJJHOfSQWrwC8:eyutZs75lZQ1urak1sJlYWr78
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
14Registry Run Keys / Startup Folder
14Create or Modify System Process
8Windows Service
8Scheduled Task/Job
2Privilege Escalation
Boot or Logon Autostart Execution
14Registry Run Keys / Startup Folder
14Create or Modify System Process
8Windows Service
8Scheduled Task/Job
2