VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader and upload with it.


Basic Information

file name: 00锦瑟
file size: 17920 bytes
file type: application/x-dosexec (Windows PE executable)
MD5: bd189b08f87a9fd13aa8a37a7ef76759
SHA-1: e8eabd9d956bd2457809965892fb081eb2763234

CreateProcess

Twenty-four process-creation records. Fields that are identical in every record are given once:

  ApplicationName: C:\Windows\System32\LSASSMGR.EXE
  CmdLine:         "C:\Windows\system32\LSASSMGR.EXE"
  childname:       LSASSMGR.EXE
  childpath:       C:\Windows\SysWOW64\LSASSMGR.EXE
  drop_type:       (empty)
  noNeedLine:      (empty)

The launcher record (pid 2112) is the exception: its ApplicationName, CmdLine, name and path are empty, and its child is the uploaded sample rather than LSASSMGR.EXE. Records in spawn order:

  pid   name (parent)                                        path (parent)                                                                                   childid  childpath
  2112  (empty)                                              (empty)                                                                                         2404     C:\Users\Administrator\AppData\Local\Temp\1618819205229_bd189b08f87a9fd13aa8a37a7ef76759.exe
  2404  1618819205229_bd189b08f87a9fd13aa8a37a7ef76759.exe   C:\Users\Administrator\AppData\Local\Temp\1618819205229_bd189b08f87a9fd13aa8a37a7ef76759.exe   2832     C:\Windows\SysWOW64\LSASSMGR.EXE
  2832  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2872     C:\Windows\SysWOW64\LSASSMGR.EXE
  2872  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2644     C:\Windows\SysWOW64\LSASSMGR.EXE
  2644  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2432     C:\Windows\SysWOW64\LSASSMGR.EXE
  2432  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2360     C:\Windows\SysWOW64\LSASSMGR.EXE
  2360  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2940     C:\Windows\SysWOW64\LSASSMGR.EXE
  2940  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2320     C:\Windows\SysWOW64\LSASSMGR.EXE
  2320  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2928     C:\Windows\SysWOW64\LSASSMGR.EXE
  2928  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                1600     C:\Windows\SysWOW64\LSASSMGR.EXE
  1600  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2768     C:\Windows\SysWOW64\LSASSMGR.EXE
  2768  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2936     C:\Windows\SysWOW64\LSASSMGR.EXE
  2936  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2624     C:\Windows\SysWOW64\LSASSMGR.EXE
  2624  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2864     C:\Windows\SysWOW64\LSASSMGR.EXE
  2864  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                3016     C:\Windows\SysWOW64\LSASSMGR.EXE
  3016  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                648      C:\Windows\SysWOW64\LSASSMGR.EXE
  648   LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2920     C:\Windows\SysWOW64\LSASSMGR.EXE
  2920  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                1584     C:\Windows\SysWOW64\LSASSMGR.EXE
  1584  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2508     C:\Windows\SysWOW64\LSASSMGR.EXE
  2508  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2884     C:\Windows\SysWOW64\LSASSMGR.EXE
  2884  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                3048     C:\Windows\SysWOW64\LSASSMGR.EXE
  3048  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                3032     C:\Windows\SysWOW64\LSASSMGR.EXE
  3032  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                1080     C:\Windows\SysWOW64\LSASSMGR.EXE
  1080  LSASSMGR.EXE                                         C:\Windows\SysWOW64\LSASSMGR.EXE                                                                2264     C:\Windows\SysWOW64\LSASSMGR.EXE

Spawn chain: 2112 -> 2404 -> 2832 -> 2872 -> 2644 -> 2432 -> 2360 -> 2940 -> 2320 -> 2928 -> 1600 -> 2768 -> 2936 -> 2624 -> 2864 -> 3016 -> 648 -> 2920 -> 1584 -> 2508 -> 2884 -> 3048 -> 3032 -> 1080 -> 2264. The sample copies itself to LSASSMGR.EXE and launches it; every LSASSMGR.EXE instance then creates exactly one further copy of itself, 23 instances in the recorded window. ApplicationName names C:\Windows\System32\LSASSMGR.EXE while childpath resolves to C:\Windows\SysWOW64\LSASSMGR.EXE, which is consistent with a 32-bit executable running under WOW64 file-system redirection on a 64-bit sandbox (the Program Files (x86) paths in the registry writes below point the same way).

Summary

Registry value writes. Each of the 24 processes in the chain (processid 2404, 2832, 2872, 2644, 2432, 2360, 2940, 2320, 2928, 1600, 2768, 2936, 2624, 2864, 3016, 648, 2920, 1584, 2508, 2884, 3048, 3032, 1080 and 2264) writes the same four REG_SZ values. Key paths are reproduced as the sandbox logged them, including the doubled backslash before the Image File Execution Options subkey names:

  szSubkey                                                                                                   valuename                     type    buffer
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\                                          Layersecurity Servicemonitor  REG_SZ  C:\Windows\system32\LSSMON.EXE
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\spoolsv.exe  Debugger                      REG_SZ  C:\Windows\system32\spool.exe
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\iexplore.exe Debugger                      REG_SZ  C:\Program Files (x86)\Internet Explorer\iexplor.exe
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\firefox.exe  Debugger                      REG_SZ  C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe

What these values do: the Run entry starts LSSMON.EXE at every logon. A "Debugger" value under Image File Execution Options makes Windows launch the named path, with the original command line appended, whenever the listed program is started, so starting spoolsv.exe, iexplore.exe or firefox.exe runs the look-alike spool.exe, iexplor.exe or firefoxe.exe instead. Whether those look-alike files were actually written to disk is not recorded in this section.
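The CreateProcess and Summary sections above are flattened "key: value" records. The script below is an added example, not part of the VirSCAN report or of the sample: it parses that record layout, rebuilds the spawn chain from pid/childid links, and flags the two registry techniques the report shows, Run-key autostart and IFEO "Debugger" hijacks. Its input is a constructed excerpt copied from the records above (three CreateProcess records and the three registry writes of PID 2404); the function names and technique labels are this example's own, and the RunOnce match goes beyond the report, which only shows the Run key.

```python
"""Parse the flattened "key: value" records of a VirSCAN-style sandbox report,
rebuild the process spawn chain from the CreateProcess events and flag the two
registry techniques this sample uses: a Run-key autostart entry and Image File
Execution Options (IFEO) "Debugger" hijacks."""
import re
from collections import defaultdict

# Constructed excerpt of the report's CreateProcess records (values copied from
# the report above; only the fields this script needs are kept).
CREATEPROCESS_LOG = r"""
childid: 2832
childpath: C:\Windows\SysWOW64\LSASSMGR.EXE
pid: 2404
childid: 2872
childpath: C:\Windows\SysWOW64\LSASSMGR.EXE
pid: 2832
childid: 2404
childpath: C:\Users\Administrator\AppData\Local\Temp\1618819205229_bd189b08f87a9fd13aa8a37a7ef76759.exe
pid: 2112
"""

# Constructed excerpt of the registry writes the report attributes to PID 2404.
REGISTRY_LOG = r"""
buffer: C:\Windows\system32\LSSMON.EXE
processid: 2404
szSubkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
type: REG_SZ
valuename: Layersecurity Servicemonitor
buffer: C:\Windows\system32\spool.exe
processid: 2404
szSubkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\spoolsv.exe
type: REG_SZ
valuename: Debugger
buffer: C:\Program Files (x86)\Internet Explorer\iexplor.exe
processid: 2404
szSubkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\iexplore.exe
type: REG_SZ
valuename: Debugger
"""

# Key fragments, compared case-insensitively. RunOnce is not in this report but
# is the same technique.
RUN_KEY_SUFFIXES = (r"\microsoft\windows\currentversion\run",
                    r"\microsoft\windows\currentversion\runonce")
IFEO_KEY = r"\microsoft\windows nt\currentversion\image file execution options"

def parse_records(text):
    """Split 'key: value' lines into dicts; a repeated key starts a new record."""
    records, cur = [], {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in cur:  # the report emits fields in a fixed order per record
            records.append(cur)
            cur = {}
        cur[key] = value
    if cur:
        records.append(cur)
    return records

def spawn_chain(records):
    """Follow pid -> childid links from the root (a pid never seen as a child)."""
    children = defaultdict(list)
    for r in records:
        children[int(r["pid"])].append(int(r["childid"]))
    spawned = {c for kids in children.values() for c in kids}
    chain, cur = [], next(p for p in children if p not in spawned)
    while cur is not None and cur not in chain:  # stop on pid-reuse loops
        chain.append(cur)
        cur = children[cur][0] if children.get(cur) else None
    return chain

def classify_registry_write(r):
    """Return (technique, target, payload) for a persistence/hijack write, else None."""
    # Collapse doubled backslashes as logged ("Options\\spoolsv.exe"), then normalise.
    subkey = re.sub(r"\\+", r"\\", r.get("szSubkey", "")).lower().rstrip("\\")
    if subkey.endswith(RUN_KEY_SUFFIXES):
        return ("autostart_run_key", r.get("valuename", ""), r.get("buffer", ""))
    if IFEO_KEY in subkey and r.get("valuename", "").lower() == "debugger":
        hijacked = subkey.rsplit("\\", 1)[-1]  # program being hijacked, e.g. spoolsv.exe
        return ("ifeo_debugger_hijack", hijacked, r.get("buffer", ""))
    return None

def find_persistence(records):
    """Map each flagged (technique, target, payload) to the set of PIDs that wrote it."""
    hits = defaultdict(set)
    for r in records:
        tag = classify_registry_write(r)
        if tag:
            hits[tag].add(int(r["processid"]))
    return dict(hits)

if __name__ == "__main__":
    print("spawn chain:", " -> ".join(map(str, spawn_chain(parse_records(CREATEPROCESS_LOG)))))
    for (technique, target, payload), pids in find_persistence(parse_records(REGISTRY_LOG)).items():
        print(f"{technique:21} {target:29} -> {payload}  (pids {sorted(pids)})")
```

Run as a script it prints the chain 2112 -> 2404 -> 2832 -> 2872 and the three flagged writes. Fed the complete record set from the two sections above, spawn_chain returns all 25 pids in order and find_persistence attributes each of the four values to all 24 writing processes, which is the quickest way to confirm that every generation of LSASSMGR.EXE re-applies the same persistence.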

Malicious

Behaviour rules matched, translated from the report's Chinese; the original rule names are kept in parentheses. "level" is the report's severity score and "num" is its count of matching events.

  attck_tactics                level  rulename                                                                   matchedinfo
  Persistence                  2      Write autostart registry key, add autostart 2 (写入自启动注册表,增加自启动2)  The malware modifies the registry so that it starts automatically with the system, in order to keep long-term control of, or residence on, the host.
  Basic information gathering  1      Enumerate files (遍历文件)                                                 Searches for specific target files by walking the file system.
  Defense evasion              2      Copy file to system directory (拷贝文件到系统目录)                          The malware copies a file into a system directory in order to hide the malicious file.
  Defense evasion              3      Process hijacking (进行进程劫持)                                            The malware modifies specific registry keys to cause image hijacking, replacing the original program so that the malware is executed in its place.

Hits per process (num for each rule):

  process_id  process_name                                         autostart  enumerate files  copy to system dir  process hijacking
  2404        1618819205229_bd189b08f87a9fd13aa8a37a7ef76759.exe   6          8                9                   14
  2832        LSASSMGR.EXE                                         5          7                8                   13
  2872        LSASSMGR.EXE                                         5          7                8                   13
  2644        LSASSMGR.EXE                                         5          7                8                   13
  2432        LSASSMGR.EXE                                         5          7                8                   13
  2360        LSASSMGR.EXE                                         5          7                8                   13
  2940        LSASSMGR.EXE                                         5          7                8                   13
  2320        LSASSMGR.EXE                                         5          7                8                   13
  2928        LSASSMGR.EXE                                         5          7                8                   13
  1600        LSASSMGR.EXE                                         5          7                8                   13
  2768        LSASSMGR.EXE                                         5          7                8                   13

The report is cut off after the pid 2768 block; the next record begins with only these two fields:

  attck_tactics: Persistence
  level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 2936
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 2936
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 2936
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 2936
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 2624
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 2624
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 2624
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 2624
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 2864
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 2864
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 2864
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 2864
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 3016
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 3016
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 3016
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 3016
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 648
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 648
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 648
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 648
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 2920
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 2920
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 2920
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 2920
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 1584
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 1584
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 1584
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 1584
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 2508
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 2508
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 2508
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 2508
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 2884
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 2884
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 2884
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 2884
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 3048
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 3048
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 3048
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 3048
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 3032
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 3032
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 3032
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 3032
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 1080
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 1080
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 1080
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 1080
process_name: LSASSMGR.EXE
rulename: 进行进程劫持
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 5
process_id: 2264
process_name: LSASSMGR.EXE
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 7
process_id: 2264
process_name: LSASSMGR.EXE
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 8
process_id: 2264
process_name: LSASSMGR.EXE
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过修改特定注册表项而造成镜像劫持,以达到替换原执行程序并使自己能够被执行的目的
num: 13
process_id: 2264
process_name: LSASSMGR.EXE
rulename: 进行进程劫持