Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 20, 2024, 9:18 a.m.	Oct. 20, 2024, 10:13 a.m.

Size	856.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`91b01b252f1497b77fb58b020088c0ef`
SHA256	`52e4d755afe7a8798e9d71bb37da4c0e5aba6e38a9ac2f113930223340df4a3b`
CRC32	`00E9BE7A`
ssdeep	`12288:DXEIAQDh746ssawGiU/CN0QTi7frZ9vcMdGU/qrWG3zuj:Dv739aPiU6N7TWrZ9kMdGU/q6G34`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature ASPack_Zero - ASPack packed file DllRegisterServer_Zero - execute regsvr32.exe Antivirus - Contains references to security software IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

system64.exe "C:\Users\test22\AppData\Local\Temp\system64.exe"
1208

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable uses a known packer (1 event)

packer

Armadillo v1.71

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	TEXTINCLUDE
resource name	WAVE

Foreign language identified in PE resource (50 out of 57 events)

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00104dc0

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00104dc0

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00104dc0

size

0x00000151

name

WAVE

language

LANG_CHINESE

filetype

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00104f14

size

0x00001448

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001068e0

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001068e0

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001068e0

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001068e0

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001068e0

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001068e0

size

0x00000134

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001081d4

size

0x00000144

name

RT_MENU

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00108a1c

size

0x00000284

name

RT_MENU

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00108a1c

size

0x00000284

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c64

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c64

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c64

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c64

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c64

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c64

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c64

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c64

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c64

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c64

size

0x0000018c

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a6ac

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a6ac

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a6ac

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a6ac

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a6ac

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a6ac

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a6ac

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a6ac

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a6ac

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a6ac

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a6ac

size

0x00000024

name

RT_GROUP_CURSOR

language

LANG_CHINESE

filetype

Lotus unknown worksheet or configuration, revision 0x2

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a720

size

0x00000022

name

RT_GROUP_CURSOR

language

LANG_CHINESE

filetype

Lotus unknown worksheet or configuration, revision 0x2

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0010a720

size

0x00000022

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (31 events)

Time & API	Arguments	Status	Return
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000019c process_name: mobsync.exe process_identifier: 1668	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000019c process_name: wsqmcons.exe process_identifier: 932	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000019c process_name: sdclt.exe process_identifier: 1836	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000019c process_name: taskhost.exe process_identifier: 1280	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000019c process_name: SearchProtocolHost.exe process_identifier: 300	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000019c process_name: cmd.exe process_identifier: 1960	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000019c process_name: SearchFilterHost.exe process_identifier: 1684	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000019c process_name: conhost.exe process_identifier: 880	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000019c process_name: system64.exe process_identifier: 1208	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000019c process_name: pw.exe process_identifier: 1268	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001ac process_name: schtasks.exe process_identifier: 2056	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001ac process_name: conhost.exe process_identifier: 2064	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000498 process_name: svchost.exe process_identifier: 2232	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000004a0 process_name: mscorsvw.exe process_identifier: 2260	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000004a8 process_name: mscorsvw.exe process_identifier: 2308	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000004c8 process_name: sppsvc.exe process_identifier: 2352	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000824 process_name: cmd.exe process_identifier: 2428	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000824 process_name: conhost.exe process_identifier: 2436	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000824 process_name: pw.exe process_identifier: 2460	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000eb4 process_name: cmd.exe process_identifier: 2516	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000eb4 process_name: conhost.exe process_identifier: 2524	1	1
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000eb4 process_name: pw.exe process_identifier: 2548	1	1
Process32NextW Oct. 20, 2024, 9:19 a.m.	snapshot_handle: 0x0000152c process_name: cmd.exe process_identifier: 2564	1	1
Process32NextW Oct. 20, 2024, 9:19 a.m.	snapshot_handle: 0x0000152c process_name: conhost.exe process_identifier: 2572	1	1
Process32NextW Oct. 20, 2024, 9:19 a.m.	snapshot_handle: 0x00001534 process_name: pw.exe process_identifier: 2600	1	1
Process32NextW Oct. 20, 2024, 9:19 a.m.	snapshot_handle: 0x00001bb0 process_name: cmd.exe process_identifier: 2628	1	1
Process32NextW Oct. 20, 2024, 9:19 a.m.	snapshot_handle: 0x00001bb0 process_name: conhost.exe process_identifier: 2636	1	1
Process32NextW Oct. 20, 2024, 9:19 a.m.	snapshot_handle: 0x00001bb8 process_name: pw.exe process_identifier: 2660	1	1
Process32NextW Oct. 20, 2024, 9:19 a.m.	snapshot_handle: 0x00002234 process_name: cmd.exe process_identifier: 2684	1	1
Process32NextW Oct. 20, 2024, 9:19 a.m.	snapshot_handle: 0x00002234 process_name: conhost.exe process_identifier: 2692	1	1
Process32NextW Oct. 20, 2024, 9:19 a.m.	snapshot_handle: 0x00002234 process_name: pw.exe process_identifier: 2716	1	1

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 2172 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000019c process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001a0 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001a4 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001a8 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001ac process_name: conhost.exe process_identifier: 2064		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001b0 process_name: conhost.exe process_identifier: 2064		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001b4 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001b8 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001bc process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001c0 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001c4 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001c8 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001cc process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001d0 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001d4 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001d8 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001dc process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001e0 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001e4 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001e8 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001ec process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001f0 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001f4 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001f8 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x000001fc process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000200 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000204 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000208 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000020c process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000210 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000214 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000218 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000021c process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000220 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000224 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000228 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000022c process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000230 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000234 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000238 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000023c process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000240 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000244 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000248 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000024c process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000250 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000254 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000258 process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x0000025c process_name: pw.exe process_identifier: 1268		0	0
Process32NextW Oct. 20, 2024, 9:18 a.m.	snapshot_handle: 0x00000260 process_name: pw.exe process_identifier: 1268		0	0

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kiss770.cn

reg_value

C:\Users\test22\AppData\Local\Temp\system64.exe

Creates a windows hook that monitors keyboard input (keylogger) (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExA Oct. 20, 2024, 9:18 a.m.	thread_identifier: 0 callback_function: 0x00401b60 hook_identifier: 13 (WH_KEYBOARD_LL) module_address: 0x00400000	1	66015	0

system64.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All