Analysis
max time kernel: 151s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/08/2024, 19:52
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/mategol/PySilon-malware
Resource: win10v2004-20240802-en
General
Target: https://github.com/mategol/PySilon-malware
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 5 IoCs)
flow  ioc
30    camo.githubusercontent.com
37    camo.githubusercontent.com
38    camo.githubusercontent.com
39    camo.githubusercontent.com
40    camo.githubusercontent.com
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Modifies registry class (5 IoCs)
description  ioc                                                                                  Process
Key created  \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings  msedge.exe
Key created  \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings  OpenWith.exe
Key created  \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings  OpenWith.exe
Key created  \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings  OpenWith.exe
Key created  \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings  OpenWith.exe
Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid   Process
3540  msedge.exe
3540  msedge.exe
4508  msedge.exe
4508  msedge.exe
3508  identity_helper.exe
3508  identity_helper.exe
4428  msedge.exe
4428  msedge.exe
1660  msedge.exe
1660  msedge.exe
1660  msedge.exe
1660  msedge.exe
Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
pid   Process
5824  OpenWith.exe
5208  OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid   Process
4508  msedge.exe
4508  msedge.exe
4508  msedge.exe
4508  msedge.exe
4508  msedge.exe
4508  msedge.exe
4508  msedge.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
Suspicious use of SendNotifyMessage (56 IoCs)
Suspicious use of SetWindowsHookEx (56 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4508)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/mategol/PySilon-malware
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3400)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc8c046f8,0x7ffdc8c04708,0x7ffdc8c04718
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2864)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3540)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1176)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2040)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4104)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2056)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3508)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 752)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4068 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4068)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4428)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2144)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 568)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1876)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4344)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1660)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11274862411644654605,7907664938821436519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4020 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 3996)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 3696)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\rundll32.exe (PID 1680)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe (PID 5668)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
C:\Windows\system32\OpenWith.exe (PID 5736)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
C:\Windows\system32\OpenWith.exe (PID 5824)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
    C:\Windows\system32\NOTEPAD.EXE (PID 5876)
      Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\PySilon-malware-main\PySilon-malware-main\README.md
C:\Windows\system32\cmd.exe (PID 464)
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\PySilon-malware-main\PySilon-malware-main\PySilon.bat" "
C:\Windows\system32\cmd.exe (PID 2084)
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\PySilon-malware-main\PySilon-malware-main\PySilon.bat" "
C:\Windows\system32\OpenWith.exe (PID 5208)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads