Report #11019

  • Creation Date: Sept. 3, 2020, 9:09 p.m.
  • Last Update: Sept. 3, 2020, 11:35 p.m.
  • File: Dropper_046.exe
  • Results:
Binary
DLL: False
Size: 1.18MB
trid:
  61.7% Win64 Executable
  14.7% Win32 Dynamic Link Library
  10.0% Win32 Executable
  4.5% OS/2 Executable
  4.4% Generic Win/DOS Executable
type: PE
wordsize: 64
Subsystem: Windows CLI
Hashes
md5: 72698be855c591775f678b34b178e918
sha1: 2b8f2c1a842c44811211e0dc8876b2a00e9f5993
crc32: 0xfc2ccecf
sha224: 33aa94c1cab91d0d7f3f196f5aa3e628d9f0c55258fa0ed4ecd1ad49
sha256: 9410445f50a6b41e97fdd0c3b3ec8c5ecce07bf4ca906786db6c6a72ae0db178
sha384: a6b90230ad220e21ee59cba8f39ed0c464eaa849bec9d4a0f6ee6896dc0cdc845a96e799ff36ab6f95be49b8afca6453
sha512: ac65fb96754e63cbdc6200a986a1825fc6a742d1107b4cb68f14c0057195fc6225bf34aa983685e610a660508bc569bda946f124d26af9a0edcf1c04a0793336
ssdeep: 24576:gvNzMXyJW0k7lAlYpEYZUJ6LqoA6/vYaKf:GzMXyJW3hAliNk6Lq0/Kf
Community
Google: False
HashLib: False
YARA
Matches: domain, contentis_base64, anti_dbg, screenshot, HasDebugData, url, win_token, win_mutex, win_registry, IsPE64, IsConsole, win_files_operation, Microsoft_Visual_Cpp_80_DLL, HasRichSignature, IP
Suspicious: True

Strings
List
,https://www.example.com/my_product/info.html0
C:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\x64\Release\Dropper.pdb
C.sA
j.eR
H.KE
u.WF
u.om
wmlaunch.exe
wmlaunch.exe
u.Jm
name="Microsoft.Windows.MediaPlayer.WMLaunch"
Rh+hKE.abu
COMCTL32.dll
COMCTL32.dll
MSVCR110.dll
WINMM.dll
UxTheme.dll
proc.exe
proc.exe
&oh?>iu
RinterfacE\{b196b287-bab4-101a-b69c-00aa00341d07}
0d]%e
@V$ad_%astV/tdV<
^em%;ctk_<o%c\e
rSazaFh
<description>Windows Media Player Launcher</description>
;LeDNS5
<requestedPrivileges>
<requestedPrivileges>
AdNS%
__crt_debugger_hook
Windows Media Player Launcher
vSSdQ>o5m3x%hcs?rS
%EsF/HdPaJMtko
IsProcessorFeaturePresent
GetProcAddress
ExitProcess
CreateEventW
SetWinEventHook
CreateEventW
DDPIgVncJv
GetForegroundWindow
IsDebuggerPresent
SuspendThread
OpenProcessToken
TerminateProcess
CreateProcessW
CreateProcessA
CreateProcessW
DeviceIoControl
ShellExecuteExW
CoCreateInstance
VirtualAlloc
CoCreateInstance
VirtualAlloc
MapViewOfFileEx
MapViewOfFile
VirtualProtect
ControlService
DeleteService
LoadResource
StartServiceW
QueryPerformanceCounter
RegDeleteValueW
OpenSCManagerW
OpenServiceW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExA
HeapCreate
RegOpenKeyW
CreateDirectoryA
RemoveDirectoryA
CreateFileMappingA
DeleteFileW
RegOpenKeyExW
RegQueryValueExW
LoadResource
CreateFileW
RegQueryValueExW
RegCreateKeyW
SetFilePointer
CreateDirectoryW
GetModuleHandleW
RemoveDirectoryW
GetModuleHandleA
GetModuleHandleW
MoveFileExW
LoadLibraryExW
CreateFileA
LoadLibraryA
GetModuleFileNameA
GetModuleFileNameW
QueryPerformanceCounter
WriteFile
RegOpenKeyExW
RegDeleteKeyW
CopyFileW

Foremost
Matches: 24.exe, 1 MB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed: (none)
Suspicious: (none)
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: True
Allowed: (none)
Suspicious: https://www.example.com/my_product/info.html0
hasAllowed: False
hasSuspicious: True

Files
hasFiles: True
Allowed: ADVAPI32.dll, SHLWAPI.dll, SHELL32.dll, RPCRT4.dll, WINMM.dll, OLEAUT32.dll, USER32.dll, MSVCR110.dll, COMCTL32.dll, COMDLG32.dll, ole32.dll, UxTheme.dll, GDI32.dll, KERNEL32.dll
Suspicious: (none)
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16
Suspicious: False
Code size: 1234944
Suspicious: False
Image address: 5368709120 (0x140000000)
Suspicious: False
Stack: 4096
Suspicious: False
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number: 0
Suspicious: True
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc
Suspicious: (none)
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 6
Suspicious: False
Image
Version: 6
Suspicious: True
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 6.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 6772 (0x1a74)
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True
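The Checksum and Anomalies entries above record one fact twice: the Optional Header CheckSum field holds 0, so it cannot equal the value computed over the file. On its own that is weak evidence. The MSVC linker only fills the field when /RELEASE is given, and the Windows loader only enforces it for drivers and a few boot-time system images, so plenty of benign user-mode executables ship with 0; a stored value that is non-zero and still wrong is the more interesting case, since it points to the file having been patched after linking. The Python below is an added example, not the report's or any analysis tool's own code. It implements the CheckSum algorithm (the same one behind CheckSumMappedFile and pefile's generate_checksum()) and runs it over a constructed PE32+ header that mirrors this sample's numbers (AMD64, SizeOfHeaders 1024, ImageBase 0x140000000, console subsystem, zero symbol table, CheckSum 0). The build_sample_pe helper, its TimeDateStamp and the other unlisted field values are assumptions for the demonstration.

```python
"""PE Optional Header checksum verification (added example; not the
report's or any analysis tool's own code).

The same algorithm sits behind CheckSumMappedFile and pefile's
generate_checksum(): sum the file as little-endian 32-bit words, skipping
the CheckSum field itself, fold to 16 bits, then add the file length.
"""
import struct

E_LFANEW_OFFSET = 0x3C          # DOS header field giving the PE signature offset
COFF_HEADER_SIZE = 20
CHECKSUM_FIELD_OFFSET = 0x40    # CheckSum inside the Optional Header (PE32 and PE32+)


def checksum_field_offset(data: bytes) -> int:
    """File offset of OptionalHeader.CheckSum, found through e_lfanew."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, E_LFANEW_OFFSET)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4 + COFF_HEADER_SIZE + CHECKSUM_FIELD_OFFSET


def stored_checksum(data: bytes) -> int:
    """Value the linker (or nobody) wrote into the header; 0 in this sample."""
    return struct.unpack_from("<I", data, checksum_field_offset(data))[0]


def pe_checksum(data: bytes) -> int:
    """Checksum the loader would compute for the file image."""
    skip = checksum_field_offset(data) // 4      # the field is 4-byte aligned
    padded = data + b"\0" * (-len(data) % 4)     # last partial word is zero-padded
    total = 0
    for i in range(len(padded) // 4):
        if i == skip:
            continue
        total += struct.unpack_from("<I", padded, i * 4)[0]
        if total > 0xFFFFFFFF:                   # end-around carry at 32 bits
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)     # fold to 16 bits
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def checksum_matches(data: bytes) -> bool:
    """The check behind the report's Anomalies line; False for this sample."""
    return stored_checksum(data) == pe_checksum(data)


def set_checksum(data: bytes, value: int) -> bytes:
    """Write a CheckSum value, as link.exe /RELEASE or editbin /RELEASE would."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, checksum_field_offset(data), value & 0xFFFFFFFF)
    return bytes(buf)


def build_sample_pe(size_of_headers: int = 1024) -> bytes:
    """Constructed minimal PE32+ header (no sections) mirroring the report's
    numbers: AMD64, SizeOfHeaders 1024, ImageBase 0x140000000, console
    subsystem, zero symbol table, CheckSum 0. Enough for the checksum walk;
    the TimeDateStamp is an assumed value."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, 0x40)
    coff = struct.pack("<HHIIIHH",
                       0x8664,        # Machine: IMAGE_FILE_MACHINE_AMD64
                       0,             # NumberOfSections
                       1599167098,    # TimeDateStamp (assumed)
                       0, 0,          # PointerToSymbolTable, NumberOfSymbols
                       240,           # SizeOfOptionalHeader for PE32+
                       0x0022)        # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0x00, 0x20B)            # Magic: PE32+
    struct.pack_into("<Q", opt, 0x18, 0x140000000)      # ImageBase (5368709120)
    struct.pack_into("<I", opt, 0x3C, size_of_headers)  # SizeOfHeaders
    struct.pack_into("<I", opt, 0x40, 0)                # CheckSum left at 0, as in the sample
    struct.pack_into("<H", opt, 0x44, 3)                # Subsystem: WINDOWS_CUI
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    return image + b"\0" * (size_of_headers - len(image))


if __name__ == "__main__":
    sample = build_sample_pe()
    print("stored   0x%08x" % stored_checksum(sample))
    print("computed 0x%08x" % pe_checksum(sample))
    print("match:", checksum_matches(sample))
    fixed = set_checksum(sample, pe_checksum(sample))
    print("after /RELEASE-style fix, match:", checksum_matches(fixed))
```

On the real sample the same comparison is `pefile.PE(path).OPTIONAL_HEADER.CheckSum` against `pefile.PE(path).generate_checksum()`. Because the algorithm skips the field it protects, writing the computed value back and recomputing gives the same number, which is how the fix is verified.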

Libraries
Allowed: advapi32.dll, shlwapi.dll, shell32.dll, rpcrt4.dll, winmm.dll, oleaut32.dll, user32.dll, comctl32.dll, comdlg32.dll, ole32.dll, uxtheme.dll, gdi32.dll, kernel32.dll
Suspicious: msvcr110.dll
hasLibs: True
hasAllowed: True
hasSuspicious: True

Timestamp
Value: 2020-09-03 21:04:58
Valid: True
Past: False
Future: False

Compilation
Packed: False
Packers: (none)
Missing: False
Compiled: True
Compilers: Microsoft Visual C++ 8.0 (DLL)

Obfuscation
XOR: True
Fuzzing: False

PEDetector
Matches: 12448
Suspicious: True
Disassembly
hasTricks: False
Tricks: (none)
AVclass
zbot: 1
VirusTotal
md5: 72698be855c591775f678b34b178e918
sha1: 2b8f2c1a842c44811211e0dc8876b2a00e9f5993
SCANS (DETECTION RATE = 34.78%, 24 of 69 engines)
engine | detected | result | update | version
AVG | True | Win32:DangerousSig [Trj] | 20200903 | 18.4.3895.0
CMC | False | - | 20200903 | 2.7.2019.1
MAX | True | malware (ai score=85) | 20200904 | 2019.9.16.1
APEX | False | - | 20200901 | 6.66
Bkav | False | - | 20200903 | 1.3.0.9899
K7GW | False | - | 20200903 | 11.133.35155
ALYac | True | Gen:Variant.Razy.725518 | 20200903 | 1.1.1.5
Avast | True | Win32:DangerousSig [Trj] | 20200903 | 18.4.3895.0
Avira | True | TR/Kryptik.xxyum | 20200903 | 8.3.3.8
Baidu | False | - | 20190318 | 1.0.0.2
Cynet | False | - | 20200904 | 4.0.0.24
Cyren | False | - | 20200903 | 6.3.0.2
DrWeb | True | Trojan.Siggen10.5233 | 20200903 | 7.0.48.8080
GData | True | Gen:Variant.Razy.725518 | 20200903 | A:25.26875B:27.20044
Panda | False | - | 20200903 | 4.6.4.2
VBA32 | False | - | 20200903 | 4.4.1
VIPRE | False | - | 20200904 | 86426
Zoner | False | - | 20200903 | 0.0.0.0
ClamAV | False | - | 20200903 | 0.102.4.0
Comodo | False | - | 20200728 | 32668
Ikarus | False | - | 20200903 | 0.1.5.2
McAfee | False | - | 20200903 | 6.0.6.653
Rising | True | Trojan.Kryptik!1.C974 (CLASSIC) | 20200904 | 25.0.0.26
Sophos | False | - | 20200903 | 4.98.0
Yandex | False | - | 20200903 | 5.5.2.24
Zillya | False | - | 20200903 | 2.0.0.4168
Acronis | False | - | 20200806 | 1.1.1.77
Alibaba | False | - | 20190527 | 0.3.0.5
Arcabit | True | Trojan.Razy.DB120E | 20200904 | 1.0.0.881
Cylance | False | - | 20200904 | 2.3.1.101
Elastic | False | - | 20200831 | 4.0.8
FireEye | True | Generic.mg.72698be855c59177 | 20200903 | 32.36.1.0
Sangfor | False | - | 20200814 | 1.0
TACHYON | False | - | 20200903 | 2020-09-03.02
Tencent | True | Malware.Win32.Gencirc.10cde743 | 20200904 | 1.0.0.1
ViRobot | False | - | 20200903 | 2014.3.20.0
Webroot | False | - | 20200904 | 1.0.0.403
eGambit | False | - | 20200904 | -
Ad-Aware | True | Gen:Variant.Razy.725518 | 20200903 | 3.0.16.117
AegisLab | False | - | 20200904 | 4.2
F-Secure | True | Trojan.TR/Kryptik.xxyum | 20200903 | 12.0.86.52
Fortinet | False | - | 20200903 | 6.2.142.0
Invincea | False | - | 20200903 | 1.0.1.0
Jiangmin | False | - | 20200903 | 16.0.100
Kingsoft | False | - | 20200904 | 2013.8.14.323
Paloalto | False | - | 20200904 | 1.0
Symantec | False | - | 20200903 | 1.12.0.0
AhnLab-V3 | False | - | 20200903 | 3.18.1.10026
Antiy-AVL | True | Trojan[Downloader]/Win32.Deyma | 20200903 | 3.0.0.1
Kaspersky | True | Trojan-Spy.Win32.Zbot.zzvs | 20200904 | 15.0.1.13
MaxSecure | True | Trojan.Malware.104387859.susgen | 20200902 | 1.0.0.1
Microsoft | True | Trojan:Win32/Wacatac.C!ml | 20200903 | 1.1.17400.5
Qihoo-360 | False | - | 20200904 | 1.0.0.1120
ZoneAlarm | True | Trojan-Spy.Win32.Zbot.zzvs | 20200903 | 1.0
Cybereason | False | - | 20190616 | 1.2.449
ESET-NOD32 | True | a variant of Win32/Kryptik.HFHM | 20200904 | 21932
TrendMicro | False | - | 20200904 | 11.0.0.1006
BitDefender | True | Gen:Variant.Razy.725518 | 20200903 | 7.2
CrowdStrike | True | win/malicious_confidence_70% (D) | 20190702 | 1.0
K7AntiVirus | False | - | 20200903 | 11.133.35155
SentinelOne | False | - | 20200724 | 4.4.0.0
Malwarebytes | False | - | 20200903 | 3.6.4.335
TotalDefense | False | - | 20200903 | 37.1.62.1
CAT-QuickHeal | False | - | 20200903 | 14.00
NANO-Antivirus | True | Trojan.Win32.Zbot.hqiysv | 20200903 | 1.0.134.25140
BitDefenderTheta | True | Gen:NN.ZexaF.34216.kr1@a03XPJii | 20200902 | 7.2.37796.0
MicroWorld-eScan | True | Gen:Variant.Razy.725518 | 20200903 | 14.0.409.0
SUPERAntiSpyware | False | - | 20200828 | 5.6.0.1032
TrendMicro-HouseCall | False | - | 20200904 | 10.0.0.1040

total: 69
sha256: 9410445f50a6b41e97fdd0c3b3ec8c5ecce07bf4ca906786db6c6a72ae0db178
scan_id: 9410445f50a6b41e97fdd0c3b3ec8c5ecce07bf4ca906786db6c6a72ae0db178-1599182985
resource: 72698be855c591775f678b34b178e918
positives: 24
scan_date: 2020-09-04 01:29:45
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Date: 3/9/2020 (all rows). Columns: time | operation | pid | process | path. Runs of identical consecutive events are collapsed, with the count after the operation.
22:45:42.715-22:45:42.965 | Write (x196) | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:42.965 | Unknown | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:42.965 | Open | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:42.965 | Write | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.122 | Write | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.262 | Open (x2) | 1480 | C:\malware.exe | C:\Windows\System32\apphelp.dll
22:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb
22:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor
22:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor
22:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.262 | Open | 1480 | C:\malware.exe | C:\
22:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\
22:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor
22:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor
22:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor
22:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor
22:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.262 | Read | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor\ui\SwDRM.dll
22:45:43.262 | Open (x2) | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.262 | Unknown (x2) | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.262 | Read (x2) | 1480 | C:\malware.exe | C:\Monitor\proc.exe
22:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor
22:45:43.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
22:45:43.278 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Prefetch\PROC.EXE-5509F567.pf
22:45:43.278 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows
22:45:43.278 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\System32\wow64.dll
22:45:43.278 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\System32\wow64win.dll
22:45:43.278 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\System32\wow64cpu.dll
22:45:43.278 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\System32\wow64log.dll
22:45:43.278 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows
22:45:43.278 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows
22:45:43.278 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor
22:45:43.278 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\sechost.dll
22:45:43.278 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\proc.exe.Local
22:45:43.278 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22:45:43.278 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22:45:43.278 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22:45:43.278 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
22:45:43.293 | Open (x6) | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
22:45:43.293 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Monitor\4350ijy30u945j9f
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Fonts\zZoddUUrBc
22:45:43.293 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Monitor\zZoddUUrBc
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\zZoddUUrBc
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\system\zZoddUUrBc
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\zZoddUUrBc
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\zZoddUUrBc
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\zZoddUUrBc
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\wbem\zZoddUUrBc
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\zZoddUUrBc
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Fonts\jsMbd Trk
22:45:43.293 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Monitor\jsMbd Trk
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\jsMbd Trk
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\system\jsMbd Trk
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\jsMbd Trk
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\jsMbd Trk
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\jsMbd Trk
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\wbem\jsMbd Trk
22:45:43.293 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\jsMbd Trk
22:45:43.309 | Read | 1488 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
22:45:43.403 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\ktmw32.dll
22:45:43.403 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\ktmw32.dll
22:45:43.653 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\bcrypt.dll
22:45:43.653 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\bcrypt.dll
22:45:43.653 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\WINHTTP.dll
22:45:43.653 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\winhttp.dll
22:45:43.653 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\webio.dll
22:45:43.653 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\webio.dll
22:45:43.653 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\proc.exe.Local
22:45:43.653 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
22:45:43.653 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
22:45:43.653 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
22:45:43.653 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
22:45:43.700 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
22:45:43.700 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
22:45:43.700 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
22:45:43.700 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
22:45:43.700 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
22:45:43.700 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-1.DLL
22:45:43.700 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-1.DLL
22:45:43.700 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-core-localization-obsolete-l1-2-0.DLL
22:45:43.700 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\rpcss.dll
22:45:43.700 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\uxtheme.dll
22:45:43.793 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
22:45:43.793 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
22:45:43.840 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
22:45:43.840 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\cryptsp.dll
22:45:43.840 | Open (x2) | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\cryptsp.dll
22:45:43.840 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\credssp.dll
3/9/2020 - 22:45:43.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\credssp.dll
3/9/2020 - 22:45:43.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\credssp.dll
3/9/2020 - 22:45:43.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\mswsock.dll
3/9/2020 - 22:45:43.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\mswsock.dll
3/9/2020 - 22:45:43.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
3/9/2020 - 22:45:43.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
3/9/2020 - 22:45:43.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\wship6.dll
3/9/2020 - 22:45:43.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\wship6.dll
3/9/2020 - 22:45:43.840Open1488C:\Monitor\proc.exeC:\Monitor\DNSAPI.dll
3/9/2020 - 22:45:43.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 22:45:43.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 22:45:43.950Open1488C:\Monitor\proc.exeC:\Monitor\IPHLPAPI.DLL
3/9/2020 - 22:45:43.950Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/9/2020 - 22:45:43.950Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/9/2020 - 22:45:43.950Open1488C:\Monitor\proc.exeC:\Monitor\WINNSI.DLL
3/9/2020 - 22:45:43.950Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\winnsi.dll
3/9/2020 - 22:45:43.950Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\winnsi.dll
3/9/2020 - 22:45:43.997Open1488C:\Monitor\proc.exeC:\Monitor\rasadhlp.dll
3/9/2020 - 22:45:43.997Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rasadhlp.dll
3/9/2020 - 22:45:43.997Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rasadhlp.dll
3/9/2020 - 22:45:44.981Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
3/9/2020 - 22:45:44.981Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
3/9/2020 - 22:45:45.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schannel.dll
3/9/2020 - 22:45:45.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schannel.dll
3/9/2020 - 22:45:45.747Open1488C:\Monitor\proc.exeC:\Monitor\secur32.dll
3/9/2020 - 22:45:45.747Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 22:45:45.747Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Monitor\ncrypt.dll
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ncrypt.dll
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ncrypt.dll
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcryptprimitives.dll
3/9/2020 - 22:45:45.762Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcryptprimitives.dll
3/9/2020 - 22:45:45.762Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\p2pcollab.dll
3/9/2020 - 22:45:45.762Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\p2pcollab.dll
3/9/2020 - 22:45:45.762Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\qagentrt.dll
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
3/9/2020 - 22:45:45.762Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
3/9/2020 - 22:45:45.762Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
3/9/2020 - 22:45:45.762Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
3/9/2020 - 22:45:45.762Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
3/9/2020 - 22:45:45.778Open1488C:\Monitor\proc.exeC:\Monitor\GPAPI.dll
3/9/2020 - 22:45:45.778Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\gpapi.dll
3/9/2020 - 22:45:45.778Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\gpapi.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
3/9/2020 - 22:45:45.872Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
3/9/2020 - 22:45:45.872Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
3/9/2020 - 22:45:45.872Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Monitor\CRYPTSP.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 22:45:45.872Open1488C:\Monitor\proc.exeC:\Monitor\cryptnet.dll
3/9/2020 - 22:45:45.887Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptnet.dll
3/9/2020 - 22:45:45.887Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptnet.dll
3/9/2020 - 22:45:45.887Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:45.887Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:45.887Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:45.887Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:45.887Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:45.887Open1488C:\Monitor\proc.exeC:\Monitor\SensApi.dll
3/9/2020 - 22:45:45.887Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\SensApi.dll
3/9/2020 - 22:45:45.887Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\SensApi.dll
3/9/2020 - 22:45:45.981Open1488C:\Monitor\proc.exeC:\Monitor\dhcpcsvc6.DLL
3/9/2020 - 22:45:45.981Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
3/9/2020 - 22:45:45.981Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
3/9/2020 - 22:45:45.981Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
3/9/2020 - 22:45:45.981Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
3/9/2020 - 22:45:46.28Open1488C:\Monitor\proc.exeC:\Monitor\dhcpcsvc.DLL
3/9/2020 - 22:45:46.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc.dll
3/9/2020 - 22:45:46.28Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc.dll
3/9/2020 - 22:45:46.122Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:46.122Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:46.122Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:46.122Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:46.122Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:46.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:46.825Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:46.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow
3/9/2020 - 22:45:46.825Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
3/9/2020 - 22:45:46.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
3/9/2020 - 22:45:46.825Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
3/9/2020 - 22:45:46.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
3/9/2020 - 22:45:46.825Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
3/9/2020 - 22:45:46.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
3/9/2020 - 22:45:46.825Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
3/9/2020 - 22:45:46.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
3/9/2020 - 22:45:46.825Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
3/9/2020 - 22:45:46.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A

Process
Trace
Time | Operation | Parent PID | Parent Process | PID | Process
3/9/2020 - 22:45:43.262 | Create | 1480 | C:\malware.exe | 1488 | C:\Monitor\proc.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Time | Operation | PID | Process | Key | Name
3/9/2020 - 22:45:45.762 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
3/9/2020 - 22:45:45.762 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
3/9/2020 - 22:45:45.762 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
3/9/2020 - 22:45:45.762 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
3/9/2020 - 22:45:45.762 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
3/9/2020 - 22:45:52.778 | Delete | 1488 | C:\Monitor\proc.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
3/9/2020 - 22:45:52.778 | Write | 1488 | C:\Monitor\proc.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
3/9/2020 - 22:45:52.778 | Delete | 1488 | C:\Monitor\proc.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
3/9/2020 - 22:45:52.778 | Write | 1488 | C:\Monitor\proc.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
3/9/2020 - 22:45:52.778 | Delete | 1488 | C:\Monitor\proc.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
3/9/2020 - 22:45:52.778 | Write | 1488 | C:\Monitor\proc.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
3/9/2020 - 22:45:52.778 | Delete | 1488 | C:\Monitor\proc.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
3/9/2020 - 22:45:52.778 | Write | 1488 | C:\Monitor\proc.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: False

DNS
Query
localhost -> gateway:DNS  apps.identrust.com.
localhost -> gateway:50273  telete.in.
localhost -> gateway:DNS  telete.in.

Response
gateway:DNS -> localhost  apps.identrust.com.  192.35.177.64

gateway:DNS -> localhost  telete.in.  195.201.225.248


TCP
Info
localhost:65200 -> 195.201.225.248:443
localhost:65213 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65204
localhost:65231 -> 195.201.225.248:443
localhost:65229 -> 195.201.225.248:443
localhost:65197 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65214
195.201.225.248:443 -> localhost:65202
localhost:65206 -> 195.201.225.248:443
localhost:65201 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65223
localhost:65212 -> 195.201.225.248:443
localhost:65227 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65215
195.201.225.248:443 -> localhost:65210
195.201.225.248:443 -> localhost:65231
localhost:65210 -> 195.201.225.248:443
localhost:65222 -> 195.201.225.248:443
localhost:65203 -> 195.201.225.248:443
localhost:65196 -> 195.201.225.248:443
localhost:65217 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65200
195.201.225.248:443 -> localhost:65201
192.35.177.64:80 -> localhost:65192
195.201.225.248:443 -> localhost:65221
195.201.225.248:443 -> localhost:65226
localhost:65219 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65197
localhost:65192 -> 192.35.177.64:80
195.201.225.248:443 -> localhost:65211
195.201.225.248:443 -> localhost:65199
localhost:65223 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65216
localhost:65221 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65218
localhost:65214 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65207
localhost:65198 -> 195.201.225.248:443
localhost:65226 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65228
195.201.225.248:443 -> localhost:65209
localhost:65202 -> 195.201.225.248:443
localhost:65207 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65196
localhost:65218 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65217
195.201.225.248:443 -> localhost:65193
195.201.225.248:443 -> localhost:65212
195.201.225.248:443 -> localhost:65198
localhost:65195 -> 195.201.225.248:443
localhost:65215 -> 195.201.225.248:443
localhost:65205 -> 195.201.225.248:443
localhost:65224 -> 195.201.225.248:443
localhost:65232 -> 195.201.225.248:443
localhost:65225 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65206
195.201.225.248:443 -> localhost:65203
localhost:65220 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65208
195.201.225.248:443 -> localhost:65224
195.201.225.248:443 -> localhost:65195
localhost:65191 -> 195.201.225.248:443
localhost:65204 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65229
195.201.225.248:443 -> localhost:65213
localhost:65199 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65219
195.201.225.248:443 -> localhost:65222
localhost:65230 -> 195.201.225.248:443
localhost:65208 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65205
localhost:65194 -> 195.201.225.248:443
localhost:65228 -> 195.201.225.248:443
localhost:65216 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65227
195.201.225.248:443 -> localhost:65194
localhost:65209 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65220
195.201.225.248:443 -> localhost:65191
localhost:65193 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65225
195.201.225.248:443 -> localhost:65230
localhost:65211 -> 195.201.225.248:443
195.201.225.248:443 -> localhost:65232

UDP
Info
localhost:53 -> localhost:55394
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info
localhost  GET  apps.identrust.com  /roots/dstrootcax3.p7c

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 85.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 95.40%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 64.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 54.45%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 98.79%
suspicious: False
