Analysis

max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-01-2024 22:04

Static task: static1
Behavioral task: behavioral1 (Sample: eicar_com.zip, Resource: win10v2004-20231215-en)
Behavioral task: behavioral2 (Sample: eicar_com.zip, Resource: win11-20231215-en)
General

Target: eicar_com.zip
Size: 184B
MD5: 6ce6f415d8475545be5ba114f208b0ff
SHA1: d27265074c9eac2e2122ed69294dbc4d7cce9141
SHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad
SHA512: d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010
Malware Config
Signatures

Every signature below is credited to chrome.exe (PID 4520), a top-level process in the tree; none is attributed to the submitted archive or to the Explorer process (PID 1456) that opened it. Repeated identical rows are collapsed with their count.

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133493979296254551" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | process
4520 | chrome.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid | process
4520 | chrome.exe (x7)

Suspicious use of AdjustPrivilegeToken (64 IoCs; the two tokens alternate in the report)
description | pid | process
Token: SeShutdownPrivilege | 4520 | chrome.exe (x32)
Token: SeCreatePagefilePrivilege | 4520 | chrome.exe (x32)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | process
4520 | chrome.exe (x26)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | process
4520 | chrome.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | process | procid_target
PID 4520 wrote to memory of 5000 | 4520 | chrome.exe | 108 (x2)
PID 4520 wrote to memory of 3084 | 4520 | chrome.exe | 109 (x38)
PID 4520 wrote to memory of 4960 | 4520 | chrome.exe | 110 (x2)
PID 4520 wrote to memory of 2660 | 4520 | chrome.exe | 111 (x22)
Processes
(indentation shows parent/child nesting; each entry lists PID and image, then the command line)

PID 1456  C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip

PID 2816  C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

PID 4520  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    PID 5000  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbdcb29758,0x7ffbdcb29768,0x7ffbdcb29778

    PID 3084  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:2

    PID 4960  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 2660  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 4652  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:1

    PID 3504  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:1

    PID 3364  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4700 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:1

    PID 4236  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 4976  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 3892  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4040 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 2840  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 5292  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 5356  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 5472  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 5616  C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

        PID 5668  C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff6d0217688,0x7ff6d0217698,0x7ff6d02176a8

    PID 5776  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5680 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:1

    PID 4496  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 2020  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 4648  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 5380  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3080 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:1

    PID 1904  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6080 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:1

    PID 1300  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:8

    PID 3272  C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5996 --field-trial-handle=1960,i,1332412404944759314,11378642960250586983,131072 /prefetch:1

PID 4328  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

PID 2424  C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
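The Signatures section credits every hit to chrome.exe (PID 4520) and the Processes section shows where that PID sits in the tree. The following is an added triage helper, not part of the sandbox report, that rebuilds parent/child links from the flattened export format (each process line ending in <depth>⤵PID:<pid>, image path fused to the command line) and then answers the two questions a reviewer asks of a report like this: does any flagged PID descend from the process that opened the submitted sample, and are the WriteProcessMemory targets the writer's own children? The process lines and signature rows are constructed from this report (command lines abridged, PIDs as reported).

```python
"""Attribute sandbox signatures to the submitted sample's process lineage.

Added triage example, not part of the sandbox report. Parses the export's
flattened process tree (<depth>⤵PID:<pid> suffix on each line), rebuilds the
parent/child relation from the depth digit, and checks signature PIDs against
the lineage of the process that opened the sample.
"""
import re

# Constructed from the Processes section (command lines abridged, PIDs real).
PROCESS_LINES = [
    r'C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip1⤵PID:1456',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵PID:4520',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:72⤵PID:5000',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process /prefetch:22⤵PID:3084',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService /prefetch:82⤵PID:4960',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService /prefetch:82⤵PID:2660',
    r'C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level2⤵PID:5616',
    r'C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:73⤵PID:5668',
    r'C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵PID:2424',
]

# Signature name -> PIDs the report credits (all chrome.exe, PID 4520).
SIGNATURE_PIDS = {
    'Enumerates system info in registry': {4520},
    'Modifies data under HKEY_USERS': {4520},
    'Suspicious behavior: EnumeratesProcesses': {4520},
    'Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary': {4520},
    'Suspicious use of AdjustPrivilegeToken': {4520},
    'Suspicious use of FindShellTrayWindow': {4520},
    'Suspicious use of SendNotifyMessage': {4520},
    'Suspicious use of WriteProcessMemory': {4520},
}

# Distinct WriteProcessMemory rows, worded as the report words them.
WPM_ROWS = ['PID 4520 wrote to memory of 5000', 'PID 4520 wrote to memory of 3084',
            'PID 4520 wrote to memory of 4960', 'PID 4520 wrote to memory of 2660']

LINE_RE = re.compile(r'^(?P<cmd>.*?)(?P<depth>\d)⤵PID:(?P<pid>\d+)$')
WPM_RE = re.compile(r'^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)$')


def parse_process_tree(lines):
    """Return {pid: {'image', 'cmdline', 'parent'}}. The digit before ⤵ is the
    nesting depth; a depth-N entry is the child of the nearest preceding
    depth-(N-1) entry, so a stack of open ancestors yields the parent."""
    procs, stack = {}, []            # stack: (depth, pid) of current ancestors
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f'unparseable process line: {line!r}')
        depth, pid, cmd = int(m['depth']), int(m['pid']), m['cmd']
        cut = cmd.index('.exe') + 4  # image path ends at its first '.exe'
        while stack and stack[-1][0] >= depth:
            stack.pop()
        procs[pid] = {'image': cmd[:cut], 'cmdline': cmd[cut:].strip(),
                      'parent': stack[-1][1] if stack else None}
        stack.append((depth, pid))
    return procs


def lineage(procs, pid):
    """PIDs from pid up to its root, inclusive."""
    chain = []
    while pid is not None:
        chain.append(pid)
        pid = procs[pid]['parent']
    return chain


def find_sample_opener(procs, sample_name):
    """PID of the first process whose command line names the sample, or None."""
    return next((pid for pid, p in procs.items() if sample_name in p['cmdline']), None)


def attribute_signatures(procs, signature_pids, sample_name):
    """Per signature and PID: the image that fired it and whether that PID
    lies in the lineage of the process that opened the sample."""
    opener = find_sample_opener(procs, sample_name)
    return {sig: {pid: {'image': procs[pid]['image'].rsplit('\\', 1)[-1],
                        'in_sample_lineage': opener in lineage(procs, pid)}
                  for pid in sorted(pids)}
            for sig, pids in signature_pids.items()}


def wpm_targets_are_children(procs, rows):
    """For each 'PID A wrote to memory of B' row, is B a direct child of A?
    Writes confined to a process's own children fit a browser's multi-process
    start-up; writes into unrelated processes are what injection looks like."""
    result = {}
    for row in rows:
        m = WPM_RE.match(row)
        if not m:
            raise ValueError(f'unparseable row: {row!r}')
        src, dst = int(m['src']), int(m['dst'])
        result[(src, dst)] = procs.get(dst, {}).get('parent') == src
    return result


if __name__ == '__main__':
    procs = parse_process_tree(PROCESS_LINES)
    for sig, by_pid in attribute_signatures(procs, SIGNATURE_PIDS, 'eicar_com.zip').items():
        for pid, info in by_pid.items():
            print(f'{sig:<64} {pid} {info["image"]:<12} in_sample_lineage={info["in_sample_lineage"]}')
    print('WriteProcessMemory targets are children of the writer:',
          wpm_targets_are_children(procs, WPM_ROWS))
```

Run against this report, every signature resolves to a chrome.exe PID outside the lineage of the Explorer process (PID 1456) that opened eicar_com.zip, and each WriteProcessMemory target (5000, 3084, 4960, 2660) is a direct child of the writer. The same two checks applied to a report where a flagged PID does descend from the opener, or where a write lands in a process outside the writer's subtree, are what separates sample-attributable behaviour from background noise in the analysis VM.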
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 488B
MD5: 6d971ce11af4a6a93a4311841da1a178
SHA1: cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256: 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512: c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Filesize: 16KB
MD5: e2edba9065ad5e9c516a3e92977737ff
SHA1: 0a8d4022c11fad0682d1da1dd81d280aaf3783f4
SHA256: 3910440065ceca630e2a20bdadeea60bbc564dc4f4c6ab205fe650f5ba789af4
SHA512: 05466f5834bb4b0ea72d92af091fe223ce0e3dd4fb639f72af80c5a06f386d4f1cb4cc2333546d53a69df15f9ac0ba7cfc599e889277de01c4b8c17a5036c1b6

Filesize: 168B
MD5: 37ec8b6ddecda990ce21690b443334ef
SHA1: cfd3913c074e015c585045b714d0f4e863758f10
SHA256: 172db3c94bb85ef3ad06d0e37f728db19d5c6aecd77942739377c148c5a90c93
SHA512: 3c5ac879b9c43d3589e80be47b74d613986b7a5af7fc49d7ba1491d1805e44a5f9264d00930522621775b7bbc3d20bd4adbd7a4c5d604403bdc554fdf332f2d7

Filesize: 360B
MD5: a26a814b2f11beba29b4653667f64eea
SHA1: bd9c743e4cf99b3843453bfc590f878d85446055
SHA256: a4ac262e3651e3574d55e88da856cd5a102357adb8254ed62a6b4e034d5ebc88
SHA512: d9c3c6608b92167cecd0d4c7c078c5422646ede3a5d95bf5f95cae574d2268c3a4fff37cab0abdf4bb225bfd97a2f716f6815eb19bced4a30bc1a7b037e1ed49

Filesize: 2KB
MD5: ccbc386434571b015624508df4540912
SHA1: 118ad0738464dea82532f08c57ba9869208e6e1c
SHA256: 6bde01d510fc2e9e2c7cb710a4df950bbcca92f314c3e295711418480498a62a
SHA512: 79336a6a4c849461fa093b7b7b555c719c8fac3453b9706d3723a556a9a58fe4c6f93c83373707b99ce1ea2540c0009e2b157f2a7fa1eb7ed22b0fd1d38887fc

Filesize: 371B
MD5: 85ca06e7ad11082e82194280d8e5f8e0
SHA1: 659a65cbe1ef06e2f6c9a2c006d0b6f6cc8831d2
SHA256: a3c065eb2c9e55fb75a8d2daaaef7ba1ee7d17763117848a600ecb8ecacc5d3f
SHA512: 825579c47f4882ee76b4d4fa836811caad14688d0e84e42e435ea5e7358bc04311c029aad3eae43b8c4863f33513f2271b8450438f9afa18dc5e2dc6dad75e45

Filesize: 371B
MD5: 1f26d206321030871b2c9e8523ecca55
SHA1: 9f2822a9a6ced60c0dbdfa68563aa5a7129474d7
SHA256: 6f008259fce03534783adceecb1d2c70b308566d165c04b5176c0a1b4320dd91
SHA512: 70ff93d65c2dc944d2b4a035c653018662bbf43b627d94ce27b20605560b7193f7d76a14ec242a01db23f4ce1e91e2291c5e46f40fb66d0cff74f9501027bb57

Filesize: 371B
MD5: 1a1a9387f47a489d4d3c340d9f013ecf
SHA1: 5fbf8d45dc45beebff84ebcc6955ced383dd5609
SHA256: 7503022351c994a588a11e4b369eb53e0f550d382429eff74b1135a9181e3570
SHA512: 24b7da26c5b31c05b5dc941196ccf77eabbf31f2c0c7a0320a785683a8b9b9e8191f6b3e544c53260587a45c811dba9a640dc99bddcd0612229ed832ac158eb5

Filesize: 371B
MD5: a97ead63280b5ca799d5df531a45c082
SHA1: 2c0decc31cb09b0d1d44191486e982c5307a81ea
SHA256: bd9efa1655db4c32d36e245690893b98f0922086e0c3ec8b1ae3b6a15324fcc5
SHA512: d62d151822399b93adc8db001c7c5a69b5511edd1d8812baefb1e46630c222a203097cb84fb3f173428b8e914120f224ae1c3143ec7c184be7a2e26f7e7c104e

Filesize: 6KB
MD5: 6b1113f39473281e15a5a198658f6c50
SHA1: bde51d9286302b756b861a98733cc58d1d229295
SHA256: b890452e865453ca9aaf6b053343129e911e53ed829fb85e53e09999a1786070
SHA512: 866d928cb8e4c7d729aa69e1486f294486ad9c49173acc54612dc514dc59447caba688562a5a7fc2a5b23fe9c7d896f108a2d4b76c44979bbd4f0b1f06a1cb1b

Filesize: 6KB
MD5: c21528bf665b810dcf1f54b521b0a4cc
SHA1: 396ef9fe6fd9963d16aa69f9ca58e6a4f7ba9d8e
SHA256: 7f886b28f3ac6ec2cc37db211bfe5913cac0db6d0ac34998e25fd9db48ae7df4
SHA512: 23e701b9802cc9570d821fbeef25619bdd640dd164c492db2db1bfc495ed1531a8e8842873545fd9bde335cde13e89a1a2ac03342c2f53c12f3aef5f3c3891a6

Filesize: 7KB
MD5: b7a296d180de19e3dda88fbdfb2a9759
SHA1: c51117e47da920dde18cb38021b8720bfeb21416
SHA256: 6d5fa73eafd01c52e52aecead9f26c87ccd8e4d231a567758ab867a1f11f5d79
SHA512: b7a06adb818f14d30110282906b3fbf2057f7e47884a439515c6fc42b1b8ec6f72baf90ec8570378685dc669f55d8e2aa509573a5d56f0cabc9e9a725c0400ff

Filesize: 6KB
MD5: 1f93861fae656a3d4ed801968bf93060
SHA1: 89a6b2134d40f7e2c198c2dd37a72d794193a292
SHA256: f47deaf9d82dc8ec654388abbdc8869e389dc842f123cb947eccf14389ee44ad
SHA512: c5bdf69cbdc4d3d6ff051bd48c920e90fa4d73ac4bcaaff10c875167170a3960b303aeb71d52b554b88f815cd5fbe88cf0ad88e8abf9f722288c2e7d8c38fd8b

Filesize: 7KB
MD5: f8ce6f2eba868b8349018c9bddc419a2
SHA1: fa7fc07ed8c68b244d8ef501841fd418a88a706c
SHA256: e0b5da4daa269535e53bbe984db1e10e0406b9148c8df867f86101120ebd8604
SHA512: 77a3e2ffdb97d5737aaea3b753dcc4ec21e46954e78dd65ca1b1eb4c25c9f41bbe29e28102cc9c2d2fbcf87392f159247134b66801e20438455fc74dd6a6c4c5

Filesize: 15KB
MD5: 386e1886d151e609ae14f2d51a1a1a11
SHA1: 63998936f7a043e5db4d5604fc7a94b9058a4b04
SHA256: cc9c32cb89998ddb6539fb402387b85ca240fe016025519d4c525f83041fd75f
SHA512: 09390c2f41978db7e5fc2c81778865ffd2e6ed57ee716060d3dcc6b8784cc038d601fc649ab9a42323067cb2b0b1b2a5589b7e3b39bb0bf681845ab3c4848221

Filesize: 115KB
MD5: 6934a0beb92b00cef305e27281c0f52c
SHA1: 36f805b9637d0ca4ce2bb973b24cd7d66b5ab981
SHA256: ae3f878622f8f80237589b9588b0ebd4aa5a70b00d1b4f47c1f71cb4e5f8675e
SHA512: c1a8ce93be0312fb5ce7608eb60572025933a7bb5a4c74d92098ac2f1a95e1d0082dfe4bd934f53de2a2df7d54621809751c8df62553e8b646c1e47d09919df3

Filesize: 228KB
MD5: 5b788a5cf62043ad9181789a4fe70a11
SHA1: ca19a38c14c6fe1e681dcd68cc11554c296a20a1
SHA256: cdc62d519fbbffb81b3277615c545e832822da98b59bbbe070dfbc1439acbbbe
SHA512: d78495015d4d46cfbb454ef4ae79dfa65680af578684f62e73e84da0b253835b9bd96919ae7541a2fe1dcc95c5676748681ed4928268d5ca1bc5595fcf47cc37

Filesize: 229KB
MD5: 5235257cf7d59613e8ee4458c6444c97
SHA1: 70540805b5f6b77404f8c009d2596d606a14f719
SHA256: d7302ee836ebce04f517c2541b18acd25145fe882980b3a14faf6f6e2176359a
SHA512: e6153badca96efb440c77f1d69e13f451339f5e4f509475bd6ddc2d3933f6fe0a617ff70df54c101d35407d0778ff7953b5eaa128af11ea5531a483344e5a2e8

Filesize: 248KB
MD5: 87cd8a5da502bb36d9a8d4342d4e88e7
SHA1: 616bdbc9f649d7b7b1e4a51e1544039e9d2fe174
SHA256: 9fbf1876224b991ab8918e40e044dd5a0317bb07bde978c28ceb31e25da2dcaf
SHA512: cec67863998dd55bd007554d8589fcbe1557a10d75ce45ca5cb8f678be96cf4e539af429bb1fb1f2950fb33965ac6ffe0f462aa28efe5044badf1b424fbd57c9

Filesize: 101KB
MD5: fc1e0c535356f1d2fe65832b7e2d06d0
SHA1: c1db05b4a183563d909a8b953f6f4199834a6a53
SHA256: 26c0c62cb0a06a51d77de1537e61436bd859648a2dced686d557906b14abf43b
SHA512: 3f27c8e89e6dbd92a7df029b63177576d5dc2a067447592974f2458fe3d86ae6e7091a4e4d7c82b606b13eb1436be762308831638677e5f6dd8f47788392fc86

Filesize: 98KB
MD5: af098ab3602b0c224bb83d68049e5d56
SHA1: 8f167387d08f8629c5d3fcdf3793f9bf4abde072
SHA256: d2f704da03a6a9b6aa5e061e01daf452bad36f3038104d8047e9a1899f1171f2
SHA512: 2e2403a4dd293805017a0f7828f5be252c52e598e16d440dc0c04a4ea659a385dcdee50a9cf05aaae822ace2dfc7b66d9e8cc987ab901990c6212a50ba3345bd

Filesize: 97KB
MD5: 964493c9d9a0ddf5fb06d4893a5b43a4
SHA1: 6d3c87320160efab720e7ebc9337b31b87f444c3
SHA256: 33e95a20310e4e57682f2e2c945c5acd2b2f71be26d7292614c5f965a1a17158
SHA512: b8be0a085ceddf338404eda476cd5548f38815c26edb5a6d1c6957a536bc0f9175fd0e491eb4d2d6a8598a63f9720f5f9c84abdb2db396509ba365704faaf03f

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd