[code]
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : DESKTOP-KLET6VM
   Windows . . . . . . . : 10.0.0.19041.X64/8
   User name . . . . . . : DESKTOP-KLET6VM\Etienne
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (255 days left)

   Scan date . . . . . . : 2021-02-21 10:11:10
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 53s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 329

   Objects scanned . . . : 4.791
   Files scanned . . . . : 4.791
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\System32\svchost.exe
      Size . . . . . . . : 57.360 bytes
      Age . . . . . . . : 16.0 days (2021-02-05 09:47:29)
      Entropy . . . . . : 6.0
      SHA-256 . . . . . : 643EC58E82E0272C97C2A59F6020970D881AF19C0AD5029DB9C958C13B6558C7
      Product . . . . . : Microsoft® Windows® Operating System
      Publisher . . . . : Microsoft Corporation
      Description . . . : Host Process for Windows Services
      Version . . . . . : 10.0.19041.546
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      RSA Key Size . . . : 2048
      Service . . . . . : WpnUserService_499d1
      Process Type . . . : Critical
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Running processes : 556, 572, 1040, 1288, 1296, 1304, 1408, 1440, 1460, 1476, 1484, 1500, 1620, 1712, 1760, 1768, 1832, 1908, 1996, 2076, 2144, 2240, 2340, 2360, 2428, 2436, 2444, 2532, 2556, 2660, 2996, 3000, 3012, 3024, 3200, 3288, 3320, 3328, 3468, 3564, 3708, 3768, 3960, 3968, 3976, 3984, 3988, 4000, 4008, 4016, 4024, 4108, 4276, 4328, 4476, 4720, 4860, 4964, 5136, 5204, 5448, 5456, 5516, 5868, 5956, 7460, 8000, 8344, 8832, 9348, 10140, 10352, 10848, 11116, 13384, 14076
      Fuzzy . . . . . . : 25.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         This program is actively listening for inbound network connections.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         Time indicates that the file appeared recently on this computer.
         This file's process is marked as system critical.
         The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
         Program is code signed with a valid Authenticode certificate.
      Startup
      Network Ports
         0.0.0.0:135 0.0.0.0:49666 0.0.0.0:49667 0.0.0.0:5040 192.168.178.164:55406 23.216.255.183:80
[/code]