Analysis

max time kernel: 259s
max time network: 246s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/05/2024, 19:19

Static task: static1
Behavioral task: behavioral1
Sample: gmodlogo.png
Resource: win10v2004-20240508-en
Errors
General

Target: gmodlogo.png
Size: 2KB
MD5: 12767b3697811eee36cead87431628cd
SHA1: 77cd01730ed48888392d0622e80dd2ae28fc4845
SHA256: 18f6a75c238707554b47eed2e2beb68b93268be06f287ff14f22de5a9565d253
SHA512: ff4b0d6d5a2097b8ed4318b3511403e370df1d435d761c5da7e407d5696bbcd1f1945439d329b54be4392bde3ae70e3a5141399c4d2dd22118fecc088996142a
Malware Config
Signatures

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Delays execution with timeout.exe (1 IoC)
  PID   Process
  4720  timeout.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description        IoC                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Kills process with taskkill (5 IoCs)
  PID   Process
  3876  taskkill.exe
  4204  taskkill.exe
  4996  taskkill.exe
  1424  taskkill.exe
  2588  taskkill.exe

Modifies data under HKEY_USERS (2 IoCs)
  Description      IoC                                                                                                     Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                   chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597561172501407"  chrome.exe

Opens file in notepad (likely ransom note) (3 IoCs)
  PID   Process
  2104  NOTEPAD.EXE
  1032  NOTEPAD.EXE
  4008  NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  PID   Process     Entries
  4836  chrome.exe  4
  3772  chrome.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  PID   Process     Entries
  4836  chrome.exe  3

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token                      PID   Process       Entries
  SeShutdownPrivilege        4836  chrome.exe    31
  SeCreatePagefilePrivilege  4836  chrome.exe    30
  SeDebugPrivilege           3876  taskkill.exe  1
  SeDebugPrivilege           4204  taskkill.exe  1
  SeDebugPrivilege           4996  taskkill.exe  1
  (The chrome.exe entries alternate between the two tokens; the three taskkill.exe entries are interleaved among them.)

Suspicious use of FindShellTrayWindow (36 IoCs)
  PID   Process     Entries
  4836  chrome.exe  36

Suspicious use of SendNotifyMessage (32 IoCs)
  PID   Process     Entries
  4836  chrome.exe  32

Suspicious use of WriteProcessMemory (64 IoCs)
  Description                       PID   Process     procid_target  Entries
  PID 4836 wrote to memory of 3684  4836  chrome.exe  95             2
  PID 4836 wrote to memory of 1600  4836  chrome.exe  96             31
  PID 4836 wrote to memory of 2424  4836  chrome.exe  97             2
  PID 4836 wrote to memory of 4312  4836  chrome.exe  98             29
Processes

Top-level entries are the report's depth-1 processes; indented entries are their depth-2 children. Each entry gives the PID and image path, then the command line, then any signatures attributed to that process.

- PID 1900  C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\gmodlogo.png

- PID 2104  C:\Windows\System32\NOTEPAD.EXE
  "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ass.bat
  Signatures: Opens file in notepad (likely ransom note)

- PID 4836  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 3684  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff98fe2ab58,0x7ff98fe2ab68,0x7ff98fe2ab78
  - PID 1600  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:2
  - PID 2424  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:8
  - PID 4312  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:8
  - PID 3348  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:1
  - PID 1928  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:1
  - PID 1776  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:1
  - PID 1044  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4328 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:8
  - PID 1920  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:8
  - PID 4356  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:8
  - PID 3460  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:8
  - PID 3416  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:8
  - PID 4004  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:8
  - PID 4552  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:8
  - PID 3144  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:8
  - PID 3772  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 --field-trial-handle=1836,i,10009605336113873673,18344695991585476607,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- PID 3756  C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

- PID 3772  C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ass.bat" "
  - PID 3876  C:\Windows\system32\taskkill.exe
    taskkill /f /im winlogon.exe
    Signatures: Kills process with taskkill; Suspicious use of AdjustPrivilegeToken

- PID 3344  C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\ass.bat"
  - PID 4204  C:\Windows\system32\taskkill.exe
    taskkill /f /im winlogon.exe
    Signatures: Kills process with taskkill; Suspicious use of AdjustPrivilegeToken

- PID 1560  C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ass.bat" "
  - PID 4996  C:\Windows\system32\taskkill.exe
    taskkill /f /im winlogon.exe
    Signatures: Kills process with taskkill; Suspicious use of AdjustPrivilegeToken

- PID 1032  C:\Windows\System32\NOTEPAD.EXE
  "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ass.bat
  Signatures: Opens file in notepad (likely ransom note)

- PID 1920  C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\ass.bat"
  - PID 1424  C:\Windows\system32\taskkill.exe
    taskkill /f /im wininit.exe
    Signatures: Kills process with taskkill

- PID 4008  C:\Windows\System32\NOTEPAD.EXE
  "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ass.bat
  Signatures: Opens file in notepad (likely ransom note)

- PID 4912  C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\ass.bat"
  - PID 4720  C:\Windows\system32\timeout.exe
    timeout 10
    Signatures: Delays execution with timeout.exe
  - 36 x C:\Windows\system32\cmd.exe, each with command line "cmd", PIDs in report order: 1624, 2656, 4504, 4036, 1800, 656, 1504, 224, 1920, 4596, 3560, 4404, 900, 1204, 4616, 2120, 2116, 948, 1428, 804, 428, 1872, 2596, 4884, 4904, 4548, 4996, 3764, 4220, 4308, 1808, 3704, 3504, 2132, 4892, 1960
  - PID 2588  C:\Windows\system32\taskkill.exe
    taskkill /f /im svchost.exe
    Signatures: Kills process with taskkill

Note: PIDs 3772, 1920 and 4996 each appear more than once in this list (3772 as a chrome.exe child and as a top-level cmd.exe; 1920 as a chrome.exe child, a top-level cmd.exe and one of the "cmd" children; 4996 as taskkill.exe and as a "cmd" child). The sandbox reused those PIDs, so entries have to be matched by their position in the tree, not by PID alone.
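The process list above is flattened and, as noted, three PIDs are reused, so it is easy to attach a signature to the wrong entry when working from PIDs. The following added example (not tria.ge code) rebuilds the parent/child tree from the depth of each record, reports the reused PIDs, and re-runs the report's behavioural signatures as explicit rules over the command lines: taskkill against a critical system process, a timeout.exe delay, cmd.exe running a batch file from a user-writable path, and notepad opening a non-.txt file (the "likely ransom note" heuristic, which here fires on ass.bat). RAW is a subset of the report's process list written as (depth, PID, image, command line) with long Chrome command lines shortened; CRITICAL, the severity labels and the rule wording are this example's own choices.

```python
"""Rebuild a sandbox process tree from (depth, PID, image, cmdline) records
and re-run the report's behaviour signatures as explicit rules.
Added example, not tria.ge code; RAW is constructed from the report."""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Proc:
    depth: int
    pid: int
    image: str
    cmdline: str
    parent: Optional["Proc"] = None
    children: List["Proc"] = field(default_factory=list)


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
RAW = [  # subset of the report's process list; Chrome command lines shortened
    (1, 1900, r"C:\Windows\system32\cmd.exe", r"cmd /c C:\Users\Admin\AppData\Local\Temp\gmodlogo.png"),
    (1, 2104, r"C:\Windows\System32\NOTEPAD.EXE", r'"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ass.bat'),
    (1, 4836, CHROME, f'"{CHROME}"'),
    (2, 1920, CHROME, f'"{CHROME}" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService'),
    (2, 3772, CHROME, f'"{CHROME}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled'),
    (1, 3772, r"C:\Windows\system32\cmd.exe", r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ass.bat" "'),
    (2, 3876, r"C:\Windows\system32\taskkill.exe", "taskkill /f /im winlogon.exe"),
    (1, 1560, r"C:\Windows\system32\cmd.exe", r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ass.bat" "'),
    (2, 4996, r"C:\Windows\system32\taskkill.exe", "taskkill /f /im winlogon.exe"),
    (1, 1920, r"C:\Windows\System32\cmd.exe", r'"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\ass.bat"'),
    (2, 1424, r"C:\Windows\system32\taskkill.exe", "taskkill /f /im wininit.exe"),
    (1, 4912, r"C:\Windows\System32\cmd.exe", r'"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\ass.bat"'),
    (2, 4720, r"C:\Windows\system32\timeout.exe", "timeout 10"),
    (2, 1624, r"C:\Windows\system32\cmd.exe", "cmd"),
    (2, 4996, r"C:\Windows\system32\cmd.exe", "cmd"),
    (2, 2588, r"C:\Windows\system32\taskkill.exe", "taskkill /f /im svchost.exe"),
]

# This example's own list: processes whose forced termination bugchecks or cripples the box.
CRITICAL = {"winlogon.exe", "wininit.exe", "csrss.exe", "smss.exe",
            "lsass.exe", "services.exe", "svchost.exe"}
PATH = re.compile(r'[a-z]:\\[^" ]+')
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(desktop|appdata|downloads|documents)\\")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def build_tree(raw) -> List[Proc]:
    """Link each record to the nearest preceding record one level shallower."""
    procs, stack = [], []
    for depth, pid, image, cmdline in raw:
        p = Proc(depth, pid, image, cmdline)
        while stack and stack[-1].depth >= depth:
            stack.pop()
        if stack:
            p.parent = stack[-1]
            stack[-1].children.append(p)
        stack.append(p)
        procs.append(p)
    return procs


def tree_edges(procs):
    """(parent PID or None, PID) pairs in report order."""
    return [(p.parent.pid if p.parent else None, p.pid) for p in procs]


def reused_pids(procs):
    """PIDs handed out more than once; such entries must be matched by position, not PID."""
    seen = {}
    for p in procs:
        seen.setdefault(p.pid, []).append(basename(p.image))
    return {pid: names for pid, names in seen.items() if len(names) > 1}


def run_rules(procs):
    """Return (PID, severity, message) for every rule a process trips."""
    hits = []
    for p in procs:
        exe, cl = basename(p.image), p.cmdline.lower()
        if exe == "taskkill.exe":
            m = re.search(r"/im\s+(\S+)", cl)
            if m and m.group(1) in CRITICAL:
                sev = "high" if "/f" in cl.split() else "medium"
                hits.append((p.pid, sev, f"taskkill against critical process {m.group(1)}"))
        elif exe == "timeout.exe":
            m = re.search(r"\b(\d+)\b", cl)  # "timeout 10" or "timeout /t 10"
            if m:
                hits.append((p.pid, "low", f"execution delayed {m.group(1)}s via timeout.exe"))
        elif exe == "cmd.exe":
            for path in PATH.findall(cl):
                if path.endswith((".bat", ".cmd")) and USER_WRITABLE.search(path):
                    hits.append((p.pid, "medium", f"cmd.exe runs batch file from user-writable path {path}"))
        elif exe == "notepad.exe":
            # The report's "likely ransom note" signature fires on any file notepad
            # opens; here that file is a .bat, so it is reported as informational only.
            for path in PATH.findall(cl):
                if basename(path) != exe and not path.endswith(".txt"):
                    hits.append((p.pid, "info", f"notepad opened non-.txt file {path}"))
    return hits


if __name__ == "__main__":
    tree = build_tree(RAW)
    for pid, names in reused_pids(tree).items():
        print(f"PID {pid} reused: {', '.join(names)}")
    for pid, sev, msg in run_rules(tree):
        print(f"[{sev:6}] PID {pid}: {msg}")
```

Run stand-alone it prints the three reused PIDs and ten hits: four "high" (the taskkill /f calls against winlogon.exe, wininit.exe and svchost.exe), four "medium" (the cmd.exe invocations of ass.bat), one "low" (the 10-second timeout) and one "info" (notepad on ass.bat). The "/f" check is what separates a plain taskkill from one that terminates a critical process outright; without the tree, the taskkill under the reused PID 4996 would be indistinguishable from the "cmd" child with the same PID.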
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 264KB
  MD5: 7801aa62f5001ee18b22de9f5f9ec85c
  SHA1: df92dcf8a2eda4c020952669e25ebfce773b80c1
  SHA256: 610d953dc7651157b1fe8a33aa5e63fdf6f872678d7909a84409eb3065cf61ed
  SHA512: faab63cbdb5ad0b7d9ad7cd93cd00d67809beba348b08bfb725d4e7a7634f9e27c2000592120ea87667975b5eace52273361edb723fb5a9a48ff9e71e1ab5417

- Filesize: 1KB
  MD5: f9751a9365bd19e84c72cb02ee2316e2
  SHA1: eefef9dfc3bf2f64027d935c191709e1add9387f
  SHA256: a7914adc70b3c947ff0acf7e810675ff28c18b792bcd9c5d95124e8a67534348
  SHA512: 969a804671e8c657a72a54743588d0e0d33e3f7162a4c5a3b02e3e3189d6f30d4c47bbbe51fac52d4c219c156aac5fb5e12a5389f64415e288cfba812b1034ac

- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- Filesize: 356B
  MD5: 3c0cce0e7dd284de1249c72cba59e2dc
  SHA1: 390028355b96d26b575783f249d7bcfa83a6f4eb
  SHA256: b090f8a11e212498ecef198d302b17d3c3d35855d1c3ca1bcc9d14a2ddf8d389
  SHA512: a67ba1a807e932ff793da928e3558e3beb2f9518debffd94b87f2fa474720c491ee1ba1762dc41aa7db6c1b3441f345da8ecc69bcd5d7af73153759d71da5900

- Filesize: 6KB
  MD5: c90cbf9d59ff37721a64e4b43d674ed3
  SHA1: caf4570efe0594677f808de9e7d87b54b94ae205
  SHA256: d79bc1121b9b0169bca0df135ce95147f32fd27cff3247dc2f9dbfbcd772827d
  SHA512: a16636f35bf11c667e8f14acd17d21879edcbf6036fa8b016bad08f0fdf59e18a403ff976ad56f0fae2b261bba4f0fbba10436a5b1143999e1b45b61122b536d

- Filesize: 6KB
  MD5: 8b9c7f40def03b6133136d3e57226105
  SHA1: e57965562e96d89547ce4362c9b4b2e4fea33420
  SHA256: f42fd3875fd4c4355249feaf2a65c36b10511a016549b4bf8d76b4a193f81147
  SHA512: aba3b1d30c15d8853e34218ca881216a142e40da0ad2c7a9adaa4744b98ba8762766b5f21886fd863f42d56a4105a6c88a0b21c5b35c8a4dc34a7bc2ab69eeec

- Filesize: 16KB
  MD5: 1f5bafa1728647a0e3257c079c4c1fbe
  SHA1: 1cfddf256612b00525856ba62cb49d04748aac4e
  SHA256: c9628e0675257cb3926228529836375a23919feae2e74ed256bcb9a10db1ffab
  SHA512: 0dfe45381be3591218e74844edccad5e767b65c85105391f50802f1e7ee57167c0a4c1da6460105362e4e61522a874d6753b0c5a6e9a4236e9d649993ab279ca

- Filesize: 277KB
  MD5: f4df93e6c571ff5ffb7e964cffeb1826
  SHA1: 6baa9a9bbf6dc1593b168ef63220ac1ca3f88ebd
  SHA256: 3495bce0f116c8e04722ab3b70e59553006364f9ea9f52e56e8bc66109aa3ab4
  SHA512: a111378ab81ac2bc22618f23d9c0f391f94ae9cde0b9ffeabfc50ba90b00c3f26494e5a5eb28eed3e323519c17c5feae34d8844cf057eb1aac2d97fb43b4d8be

- Filesize: 257KB
  MD5: f71ccde67b28ebd46fe813ea4a34395d
  SHA1: f4b9f6c25cbf2b58e6913d6f1465367862659a8e
  SHA256: 90755716926e88027fe2f973421e1fc8d6ed9ab18447a87e100c45a77d628e44
  SHA512: b06fb000b49171bb12abf82cdf061100fc8b2e73712e7280f242ad6f512060103e9c8f9278c6e95637c38211b14191853194a9376087060a26510953d67a3311

- Filesize: 257KB
  MD5: e0f23fa1a0be1e7725fca5c7a26a2928
  SHA1: c013de6e8e7c479559eec26852dc9b973409e485
  SHA256: 9ad1d06c57a6547172e70bb8e8b13b9a979a0852897484e3cc30bc1f131fc2dc
  SHA512: 011904ec7185c3db7529975301fd56e2fbb2c38152c99fbc9071db9dfc07b13554b6cd41629aca48af42a016fb073fe19dc623230bfdd4945ee2f112d249ec68

- Filesize: 258KB
  MD5: 8b731878254b0ee57512ece92a9f0afc
  SHA1: 990714dc767a07f9c295c3ea78f33ea985c0a7ee
  SHA256: 360fe59c82f76ea5fca706723a613dbb3fdc686e428d1063681b1334b3b3b4fd
  SHA512: d49ea6cd3b726c1b17b0da79491e736284dafb04c11ebf319ec1688fd7874ecbda60409f596eead93243a7ebc8ee9be445fdbc45040d03d0d5de7e5ec3890251

- Filesize: 262KB
  MD5: 9c13d414ecfe6ea7838f4085c3600774
  SHA1: 9b75cf449e72dd39378d3d57f5e7c6eef9c78f69
  SHA256: 4cdbb6bbab9ae3573c1ec1b1ea6b131e632e48a82127787eacb7b8b2686ba878
  SHA512: 6747ebc219fef1453f401fda5a9a2ca06764d5718191695ca4d45229a754e1d3b9ee9812001ef997a5832af6dbea047748edc3f1268b18dffae859829e7f5e93

- Filesize: 258KB
  MD5: 49ffca90eb59ab2dddb9b7424af90583
  SHA1: 51f5d0ba5b07de518623a6839701762bda8e7ae4
  SHA256: d6429a4c894914a452243c49bd41f5fc91b1a317951674be3b4f1e187e774d8b
  SHA512: ce9b75368a21ac0c5ac8b0217e3af79889abeb28ebe12a6a23fd85a9693b824eced767cbc4939dd649985572983b01105f06af68e43b8a0fe7d31ccc2dcd674d

- Filesize: 92KB
  MD5: e8866bb8b27d7c365e46cf09dbad19e4
  SHA1: 5d07bc44ecf7b0f60118fa28eadd26843fac3fb5
  SHA256: c7bbd2c9d3b288b1b8b77c183304c23c3cae1ee282813bdf64a8fa673ddd8591
  SHA512: 5f5543a80fce9470a2420645f55b0d9a34ce78078fc396a288d80b82e3bf21c1aa3b45744e08cab7382bb04a12e88e387c9e0f483fb0a6fbf7f59c4d5c4a5994

- Filesize: 89KB
  MD5: b9c9f9863996b2b706370fd4ece35f6e
  SHA1: c8c882165f7cf2984a8d290aea7b99b6a781c55d
  SHA256: 6c37119439180911774f7a372e657d21a630d96942700849ac31c27d0a8ad24e
  SHA512: 53317ad35e02cc5192bdb37b6b5365a005a767b1ac6491cfa69b0b471da87c53d6e8b04828a681eb42ce77b749560adb068ccaf246f318e6a5f1ce1911c157d0

- Filesize: 38B
  MD5: acf8015de40c50b57a63f8c68ebb16d0
  SHA1: 22e697c3e9bfce263341c2ee544505a554ebc46a
  SHA256: ed2e8ff8237d3ccb7d31d923f323596b30ac355148fb8570bbf7c27d8863806a
  SHA512: a8001a0a213da0baf0f1f6d9d23d8ec8f02e2de712aba778ba8aa2be899499d95dd63b3590f61668f79097a28c3103c4d52cf6eae26853fd3a615aefd91709fe

- Filesize: 446B
  MD5: 9aea2d34e9d100f2253fe9d101cc2541
  SHA1: 6fed4fbdc32875e93959fedd2bdff84ff3d5e202
  SHA256: 68fbf34717fd410b2ee46ff861eef7e2ae63bdcec19ced801277e6711b3fdf2f
  SHA512: 1f4f5b6ec67fd84dfc7f1953c9d0f23edaac425043ece6bcf3ce906c88d71f06e622ddbadfed6dbb94b03cc5cfbcae59a6a26724e9d9f756a8586ff9919ceeb5

- Filesize: 39B
  MD5: 46ee34d0175c06420341d16739226d9b
  SHA1: fea2c2633c734308fd0c175579e0497312dbf3f4
  SHA256: 60c1de058691b51e957b952d3ee04e4f114f41d02adb281f938e5083db8af8c7
  SHA512: 5cdb5dbf93363e8385837df99dd7ae697ebbc0c8c997b78ec20e93b1c73e948e865b6db941fb4e8ad92f514d066443b1abfe98426ac1913f7f1e11e3e07c56a3
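Most of the Downloads entries above are Chrome profile files written during the run rather than anything the sample dropped, and the tiny ones can be identified without opening the task: hash a handful of candidate contents and see which entry they reproduce. The following added example (not tria.ge code) does that for the three byte-sized entries. REPORT_DOWNLOADS copies their sizes and digests from the report; CANDIDATES is this example's own guess list of what a file that small usually holds (an empty JSON array or object, an empty file, a bare line break). A candidate counts as a match only if it reproduces every digest the report lists, so a single coincidental MD5 collision cannot mislabel an entry.

```python
"""Set aside trivial sandbox drops by matching their digests against
candidate contents. Added example, not tria.ge code; REPORT_DOWNLOADS is
copied from the report, CANDIDATES is this example's own guess list."""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

REPORT_DOWNLOADS = [  # the three byte-sized entries from the report's Downloads list
    {"size": 2,
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
     "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af"},
    {"size": 38,
     "md5": "acf8015de40c50b57a63f8c68ebb16d0",
     "sha1": "22e697c3e9bfce263341c2ee544505a554ebc46a",
     "sha256": "ed2e8ff8237d3ccb7d31d923f323596b30ac355148fb8570bbf7c27d8863806a",
     "sha512": "a8001a0a213da0baf0f1f6d9d23d8ec8f02e2de712aba778ba8aa2be899499d95dd63b3590f61668f79097a28c3103c4d52cf6eae26853fd3a615aefd91709fe"},
    {"size": 39,
     "md5": "46ee34d0175c06420341d16739226d9b",
     "sha1": "fea2c2633c734308fd0c175579e0497312dbf3f4",
     "sha256": "60c1de058691b51e957b952d3ee04e4f114f41d02adb281f938e5083db8af8c7",
     "sha512": "5cdb5dbf93363e8385837df99dd7ae697ebbc0c8c997b78ec20e93b1c73e948e865b6db941fb4e8ad92f514d066443b1abfe98426ac1913f7f1e11e3e07c56a3"},
]

# Constructed candidate contents: what tiny browser-profile files usually hold.
CANDIDATES = {
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "empty file": b"",
    "CRLF": b"\r\n",
}


def digests(data: bytes) -> dict:
    """All four digests the report publishes, for one byte string."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def match_entry(entry: dict, candidates=CANDIDATES):
    """Label of the candidate that reproduces every digest the entry lists,
    or None. Size is compared first so obvious misses are never hashed."""
    for label, content in candidates.items():
        if len(content) != entry["size"]:
            continue
        d = digests(content)
        if all(entry[a] == d[a] for a in ALGOS if a in entry):
            return label
    return None


def triage(entries, candidates=CANDIDATES):
    """Split entries into (recognised, unrecognised); items are (sha256, label)."""
    known, unknown = [], []
    for e in entries:
        label = match_entry(e, candidates)
        (known if label else unknown).append((e["sha256"], label))
    return known, unknown


if __name__ == "__main__":
    known, unknown = triage(REPORT_DOWNLOADS)
    for sha, label in known:
        print(f"{sha[:12]}...  {label}")
    for sha, _ in unknown:
        print(f"{sha[:12]}...  unrecognised, needs a look")
```

Run as-is it recognises the 2-byte entry as an empty JSON array and leaves the 38-byte and 39-byte entries for manual review. The same pattern scales to a local table of known-benign profile artefacts keyed by SHA-256, which is the usual way to keep browser noise out of a drop list without ever downloading the files.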