Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/08/2024, 19:37

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://novoline.lol/assets/prod.zip
Resource: win10v2004-20240802-en

General
Target: https://novoline.lol/assets/prod.zip
Malware Config
Signatures

Drops file in System32 directory (11 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | svchost.exe
  File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | svchost.exe
  File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | svchost.exe
  File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | svchost.exe
  File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | svchost.exe
  File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | svchost.exe
  File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | svchost.exe
  File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | svchost.exe
  File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | svchost.exe
  File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | svchost.exe
  File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | svchost.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | msedge.exe
  Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | mspaint.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid | Process
  4812 | msedge.exe (2 events)
  4984 | msedge.exe (2 events)
  1912 | identity_helper.exe (2 events)
  632 | msedge.exe (2 events)
  5488 | mspaint.exe (2 events)
  704 | msedge.exe (4 events)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid | Process
  5824 | OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  4984 | msedge.exe (7 events)

Suspicious use of FindShellTrayWindow (34 IoCs)
  pid | Process
  4984 | msedge.exe (34 events)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4984 | msedge.exe (24 events)

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  5488 | mspaint.exe
  5824 | OpenWith.exe

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, each of the four rows below is repeated in the raw listing)
  description | pid | Process | procid_target
  PID 4984 wrote to memory of 4988 | 4984 | msedge.exe | 84
  PID 4984 wrote to memory of 4316 | 4984 | msedge.exe | 86
  PID 4984 wrote to memory of 4812 | 4984 | msedge.exe | 87
  PID 4984 wrote to memory of 1868 | 4984 | msedge.exe | 88
Processes
Each entry gives the image, its PID and tree level (1 = top level, 2 = child of the level-1 process above it), the full command line, and the signatures that process triggered.

msedge.exe (PID 4984, level 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://novoline.lol/assets/prod.zip
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 4988, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff132a46f8,0x7fff132a4708,0x7fff132a4718

  msedge.exe (PID 4316, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

  msedge.exe (PID 4812, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 1868, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8

  msedge.exe (PID 1668, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

  msedge.exe (PID 5012, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

  identity_helper.exe (PID 660, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8

  identity_helper.exe (PID 1912, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 1568, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

  msedge.exe (PID 2808, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

  msedge.exe (PID 1908, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5168 /prefetch:8

  msedge.exe (PID 1428, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

  msedge.exe (PID 632, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 3692, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

  msedge.exe (PID 2336, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

  msedge.exe (PID 704, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2175753798505560714,14955686228815534643,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 1140, level 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 2932, level 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

rundll32.exe (PID 5368, level 1)
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

cmd.exe (PID 5712, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\start.bat" "

cmd.exe (PID 5824, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\install_dependencies.bat" "

cmd.exe (PID 5948, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\install_dependencies.bat" "

cmd.exe (PID 6012, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\install_dependencies.bat" "

cmd.exe (PID 6132, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\start.bat" "

cmd.exe (PID 2312, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\install_dependencies.bat" "

cmd.exe (PID 5432, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\start.bat" "

cmd.exe (PID 3404, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\start.bat" "

cmd.exe (PID 5636, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\start.bat" "

cmd.exe (PID 5788, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\install_dependencies.bat" "

cmd.exe (PID 5848, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\install_dependencies.bat" "

cmd.exe (PID 5912, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\install_dependencies.bat" "

cmd.exe (PID 5960, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\install_dependencies.bat" "

cmd.exe (PID 6028, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\install_dependencies.bat" "

cmd.exe (PID 5084, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\start.bat" "

cmd.exe (PID 3920, level 1)
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\prod\start.bat" "

cmd.exe (PID 6068, level 1)
  "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\prod\start.bat"

mspaint.exe (PID 5488, level 1)
  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\prod\devs.png" /ForceBootstrapPaint3D
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx

svchost.exe (PID 4144, level 1)
  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
  - Drops file in System32 directory

OpenWith.exe (PID 5824, level 1)
  C:\Windows\system32\OpenWith.exe -Embedding
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads