
  • Analog Header
    version
    0.2
    sample
    241104-veytnatbra
    task
    241104-veytnatbra-behavioral2
    backend
    sbx4m60
    resource
    win10v2004-20241007-en
    platform
    windows10-2004_x64
  • Process Create
    proc
    2
    time
    140
    kind
    Existing
    image
    C:\Windows\system32\csrss.exe
    cmd
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    pid
    444
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    1
    time
    140
    kind
    Existing
    image
    C:\Windows\System32\smss.exe
    cmd
    \SystemRoot\System32\smss.exe
    pid
    356
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    7
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\lsass.exe
    cmd
    C:\Windows\system32\lsass.exe
    pid
    684
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    6
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\services.exe
    cmd
    C:\Windows\system32\services.exe
    pid
    668
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    5
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\winlogon.exe
    cmd
    winlogon.exe
    pid
    612
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    4
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\csrss.exe
    cmd
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    pid
    528
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    3
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\wininit.exe
    cmd
    wininit.exe
    pid
    520
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    9
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\fontdrvhost.exe
    cmd
    "fontdrvhost.exe"
    pid
    796
    parent_proc
    5
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    13
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\dwm.exe
    cmd
    "dwm.exe"
    pid
    316
    parent_proc
    5
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    15
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
    pid
    1048
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    16
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
    pid
    1056
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    14
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
    pid
    412
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    20
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
    pid
    1208
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    21
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
    pid
    1292
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    19
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
    pid
    1192
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    22
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
    pid
    1312
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    24
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
    pid
    1400
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    25
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
    pid
    1468
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    23
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
    pid
    1384
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    27
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
    pid
    1512
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    26
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
    pid
    1492
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    18
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
    pid
    1080
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    28
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
    pid
    1652
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    17
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
    pid
    1064
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    30
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
    pid
    1732
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    29
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
    pid
    1696
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    12
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
    pid
    960
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    11
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k RPCSS -p
    pid
    912
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    10
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\fontdrvhost.exe
    cmd
    "fontdrvhost.exe"
    pid
    804
    parent_proc
    3
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    32
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
    pid
    1828
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    31
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
    pid
    1808
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    8
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k DcomLaunch -p
    pid
    788
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    34
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
    pid
    1960
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    36
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
    pid
    2036
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    35
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
    pid
    1968
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    40
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
    pid
    2216
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    39
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
    pid
    2120
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    38
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
    pid
    2096
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    41
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
    pid
    2332
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    37
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\spoolsv.exe
    cmd
    C:\Windows\System32\spoolsv.exe
    pid
    2060
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    44
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\sihost.exe
    cmd
    sihost.exe
    pid
    2672
    parent_proc
    25
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    48
    time
    156
    kind
    Existing
    image
    C:\Windows\sysmon.exe
    cmd
    C:\Windows\sysmon.exe
    pid
    2792
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    49
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
    pid
    2812
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    50
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
    pid
    2844
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    56
    time
    156
    kind
    Existing
    image
    C:\Windows\Explorer.EXE
    cmd
    C:\Windows\Explorer.EXE
    pid
    3540
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    60
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\RuntimeBroker.exe
    cmd
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    pid
    3996
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    84
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\backgroundTaskHost.exe
    cmd
    "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
    pid
    4060
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    83
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\backgroundTaskHost.exe
    cmd
    "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
    pid
    2452
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    82
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
    pid
    4304
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    81
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\MusNotification.exe
    cmd
    C:\Windows\system32\MusNotification.exe
    pid
    4952
    parent_proc
    19
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    80
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\Upfc.exe
    cmd
    C:\Windows\System32\Upfc.exe /launchtype periodic /cv i4Sk7JMNwU6pyXyqqN4TSw.0
    pid
    4508
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    79
    time
    156
    kind
    Hidden
    image
    C:\Users\Admin\AppData\Local\Temp\3281434958\zmstage.exe
    cmd
    C:\Users\Admin\AppData\Local\Temp\3281434958\zmstage.exe
    pid
    3552
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    78
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\RuntimeBroker.exe
    cmd
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    pid
    2012
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    77
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\RuntimeBroker.exe
    cmd
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    pid
    452
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    76
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\RuntimeBroker.exe
    cmd
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    pid
    4608
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    75
    time
    156
    kind
    Existing
    image
    C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
    cmd
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
    pid
    3788
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    74
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
    pid
    952
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    73
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\DllHost.exe
    cmd
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    pid
    3220
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    72
    time
    156
    kind
    Existing
    image
    C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    cmd
    "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
    pid
    4184
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    71
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
    pid
    2916
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    70
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\SppExtComObj.exe
    cmd
    C:\Windows\system32\SppExtComObj.exe -Embedding
    pid
    3980
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    69
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
    pid
    4040
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    68
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
    pid
    2924
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    67
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
    pid
    4600
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    66
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
    pid
    4524
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    65
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
    pid
    3756
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    64
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\sppsvc.exe
    cmd
    C:\Windows\system32\sppsvc.exe
    pid
    4748
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    63
    time
    156
    kind
    Hidden
    image
    C:\Windows\System32\-63gkj.exe
    cmd
    "C:\Windows\System32\-63gkj.exe"
    pid
    4256
    parent_proc
    56
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    62
    time
    156
    kind
    Existing
    image
    C:\Windows\System32\RuntimeBroker.exe
    cmd
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    pid
    3956
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    61
    time
    156
    kind
    Existing
    image
    C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    cmd
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    pid
    4088
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    59
    time
    156
    kind
    Existing
    image
    C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    cmd
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    pid
    3920
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    58
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\DllHost.exe
    cmd
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    pid
    3832
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    57
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
    pid
    3644
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    55
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
    pid
    3456
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    54
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
    pid
    3100
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    53
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\wbem\unsecapp.exe
    cmd
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    pid
    2256
    parent_proc
    8
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    52
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc
    pid
    2992
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    51
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\taskhostw.exe
    cmd
    taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
    pid
    2940
    parent_proc
    19
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    47
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
    pid
    2780
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    46
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
    pid
    2724
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    45
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
    pid
    2700
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    43
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
    pid
    2504
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    42
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
    pid
    2492
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    33
    time
    156
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
    pid
    1932
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    85
    time
    171
    kind
    Create
    image
    C:\Users\Admin\AppData\Local\Temp\f461b17cf839f10db53155f207682533d99a056ee3a883ff7e0e6f5bc77f87c6.exe
    cmd
    "C:\Users\Admin\AppData\Local\Temp\f461b17cf839f10db53155f207682533d99a056ee3a883ff7e0e6f5bc77f87c6.exe"
    pid
    4240
    parent_proc
    56
    status
    0x00000000
  • Registry Read
    proc
    85
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    85
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    85
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\RaiseExceptionOnPossibleDeadlock
  • Registry Read
    proc
    85
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Segment Heap
  • Registry Read
    proc
    85
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Segment Heap
  • Registry Read
    proc
    85
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    85
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    85
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
  • File Read
    proc
    85
    path
    C:\Windows
    op
    Unknown
    status
    0x00000000
  • File Read
    proc
    85
    path
    C:\Windows
    op
    OpenRead
    status
    0x00000000
  • Registry Read
    proc
    85
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\Software\Microsoft\Wow64\x86
  • Registry Read
    proc
    85
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SOFTWARE\Microsoft\Wow64\x86\f461b17cf839f10db53155f207682533d99a056ee3a883ff7e0e6f5bc77f87c6.exe
  • Registry Read
    proc
    85
    op
    QueryValueKey
    status
    0x00000000
    path
    HKLM\SOFTWARE\Microsoft\Wow64\x86\
  • Registry Read
    proc
    85
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
