Report #11637

  • Creation Date: Sept. 21, 2020, 7:05 p.m.
  • Last Update: Sept. 21, 2020, 7:09 p.m.
  • File: evader.exe
  • Results:
Binary
  DLL: False
  Size: 854.00KB
  trid: 49.0% InstallShield setup; 31.4% Win64 Executable; 7.4% Win32 Dynamic Link Library; 5.1% Win32 Executable; 2.3% OS/2 Executable
  type: PE
  wordsize: 64
  Subsystem: Windows CLI

Hashes
  md5: a3e642e747c93bf7ed7c4232656ab851
  sha1: 1ddd9ff9cc81fc1082a87621f419b40249d9e61b
  crc32: 0x1d60dc6a
  sha224: 00643ae4e92b5e2b9157886a3153d976ad1eb49f589871c03799d2e8
  sha256: e14f48b04ccb28ebe6c8cd722e2299425ba35cba991b891cb74ebc281143aaa6
  sha384: 94f38b437c2646a9d791ec0d5c11c9fdc437e350f2d3d0ba958926a441362d35029f39d6f2f351228aa9d6e3a2b333a4
  sha512: 4f1f233c34cc4f8acff90a04b5843388ef4728474192ca72c8400c1e9f319edc046b0faf94f41d3af2d19d5220b7f55dd15ef02e2d0ca4971a09ed258efb7ed6
  ssdeep: 12288:mwtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaBTls6A:mwtb20pkaCqT5TBWgNQ7aVls6A

Community
  Google: False
  HashLib: False

YARA
  Matches: AutoIT_compiled_script, domain, anti_dbg, screenshot, IsPE64, win_token, contentis_base64, keylogger, CRC32_table, win_registry, HasDebugData, IsConsole, network_http, CRC32_poly_Constant, win_files_operation, AutoIt, escalate_priv, Microsoft_Visual_Cpp_80_DLL, HasRichSignature, IP, inject_thread
  Suspicious: True

Strings
List
c:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\x64\Release\Dropper.pdb
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"/>
WSOCK32.dll
Software\AutoIt v3\AutoIt
COMCTL32.dll
MSVCR110.dll
USERENV.dll
VERSION.dll
WININET.dll
WINMM.dll
UxTheme.dll
0.0.0.0
MPR.dll
proc.exe
AUTOITCALLVARIABLE%d
255.255.255.255
SeDebugPrivilege
SeRestorePrivilege
\Include\
fr-be
fr-ca
fr-ch
This is a third-party compiled AutoIt script.
BACKSPACE
Hebrew
Include
HOTKEYSET
HOTKEYPRESSED
TaskbarCreated
too many forward references
number is too big
invalid range in character class
failed to get memory
regular expression is too large
closed
\ at end of pattern
\c at end of pattern
two named subpatterns have the same name
BROWSER_SEARCH
HKEY_CLASSES_ROOT
TCPSHUTDOWN
BROWSER_REFRESH
AutoIt has detected the stack has become corrupt.
BROWSER_STOP
BROWSER_FORWARD
BROWSER_BACK
BROWSER_HOME
LAUNCH_MAIL
BROWSER_FAVORTIES
HKEY_LOCAL_MACHINE
Line %d (File "%s"):
VOLUME_UP
VOLUME_DOWN
VOLUME_MUTE
] is an invalid data character in JavaScript compatibility mode
LAUNCH_MEDIA
SOFTWARE\Classes\
Line %d:
TCPLISTEN
FtpOpenFileW
SYSTEM\CurrentControlSet\Control\Nls\Language
FtpGetFileSize
FTPSETPROXY
SW_HIDE
AUTOITWINGETTITLE
GETCURRENTSELECTION
TCPCLOSESOCKET
TCPCONNECT
HTTPSETUSERAGENT
GETSELECTEDCOUNT
GETSELECTED
HTTPSETPROXY
WINGETCLASSLIST
CWM_GETCONTROLNAME
Control Panel\Mouse
Control Panel\Appearance
HttpOpenRequestW
HttpSendRequestW
/AutoIt3OutputDebug
mscoree.dll
LAUNCH_APP2
LAUNCH_APP1
WIN_VISTA
SeShutdownPrivilege
SeBackupPrivilege
SeIncreaseQuotaPrivilege
/AutoIt3ExecuteLine
SeAssignPrimaryTokenPrivilege
AUTOIT.ERROR
#requireadmin
>>>AUTOIT SCRIPT<<<
SHELLDLL_DefView
LOCALAPPDATADIR

Foremost
  Matches: 24.exe, 840 KB
  Suspicious: True
Heuristics

IPs
  hasIPs: True
  Allowed: 255.255.255.255, 1, record
  hasAllowed: True
  hasSuspicious: False

URLs
  hasURLs: False
  hasAllowed: False
  hasSuspicious: False

Files
  hasFiles: True
  Allowed: USER32.DLL, kernel32.dll, mscoree.dll, combase.dll, ADVAPI32.dll, SHLWAPI.dll, SHELL32.dll, WININET.dll, RPCRT4.dll, WINMM.dll, OLEAUT32.dll, PSAPI.DLL, VERSION.dll, MSVCR110.dll, COMCTL32.dll, COMDLG32.dll, USERENV.dll, ole32.dll, MPR.dll, IPHLPAPI.DLL, UxTheme.dll, GDI32.dll, WSOCK32.dll
  hasAllowed: True
  hasSuspicious: False

Binary
  Sizes
    RVA: 16 (Suspicious: False)
    Code: 869888 (Suspicious: False)
    Image address: 5368709120 (0x140000000) (Suspicious: False)
    Stack: 4096 (Suspicious: False)
    Headers: 1024 (Suspicious: False)
    Suspicious: False
  Symbols
    Number: 0 (Suspicious: True)
    Pointer: 0 (Suspicious: True)
  Directories
    Number: 16 (Suspicious: False)
  Checksum
    Value: 0 (Suspicious: True)
  Sections
    Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc
    hasSections: True
    hasAllowed: True
    hasSuspicious: False
  Versions
    OS: 6 (Suspicious: False)
    Image: 6 (Suspicious: True)
    Linker: 11.0 (Suspicious: False)
    Subsystem: 6.0 (Suspicious: False)
    Suspicious: False
  EntryPoint
    Address: 6772 (0x1a74) (Suspicious: False)
  Anomalies
    hasAnomalies: True
    Anomalies: The header checksum and the calculated checksum do not match.
  Libraries
    hasLibs: True
    Allowed: user32.dll, kernel32.dll, mscoree.dll, combase.dll, advapi32.dll, shlwapi.dll, shell32.dll, wininet.dll, rpcrt4.dll, winmm.dll, oleaut32.dll, psapi.dll, version.dll, comctl32.dll, comdlg32.dll, userenv.dll, ole32.dll, mpr.dll, uxtheme.dll, gdi32.dll, wsock32.dll
    Suspicious: msvcr110.dll, iphlpapi.dll
    hasAllowed: True
    hasSuspicious: True
  Timestamp
    Value: 2020-09-21 19:05:17
    Valid: True
    Past: False
    Future: False
  Compilation
    Packed: False
    Missing: False
    Compiled: True
    Compilers: Microsoft Visual C++ 8.0 (DLL)
  Obfuscation
    XOR: True
    Fuzzing: True

PEDetector
  Matches: 12448
  Suspicious: True

Disassembly
  hasTricks: False

AVclass
  razy: 1
VirusTotal
  md5: a3e642e747c93bf7ed7c4232656ab851
  sha1: 1ddd9ff9cc81fc1082a87621f419b40249d9e61b
SCANS (DETECTION RATE = 43.48%)

Engine | Version | Update | Detected | Result
AVG | 18.4.3895.0 | 20200921 | True | Win64:BankerX-gen [Trj]
CMC | 2.7.2019.1 | 20200921 | False |
MAX | 2019.9.16.1 | 20200921 | True | malware (ai score=83)
APEX | 6.72 | 20200919 | True | Malicious
Bkav | 1.3.0.9899 | 20200921 | False |
K7GW | 11.141.35289 | 20200921 | False |
ALYac | 1.1.1.5 | 20200921 | True | Gen:Variant.Razy.750015
Avast | 18.4.3895.0 | 20200921 | True | Win64:BankerX-gen [Trj]
Avira | 8.3.3.8 | 20200921 | True | HEUR/AGEN.1100099
Baidu | 1.0.0.2 | 20190318 | False |
Cynet | 4.0.0.24 | 20200917 | False |
Cyren | 6.3.0.2 | 20200921 | False |
DrWeb | 7.0.49.9080 | 20200921 | True | Trojan.Encoder.30162
GData | A:25.27097B:27.20251 | 20200921 | True | Gen:Variant.Razy.750015
Panda | 4.6.4.2 | 20200921 | False |
VBA32 | 4.4.1 | 20200921 | False |
VIPRE | 86866 | 20200921 | False |
Zoner | 0.0.0.0 | 20200920 | False |
Comodo | 32832 | 20200921 | False |
Ikarus | 0.1.5.2 | 20200921 | True | Trojan.Win32.Injector
McAfee | 6.0.6.653 | 20200921 | False |
Rising | 25.0.0.26 | 20200921 | True | Backdoor.Remcos!8.B89E (TFE:5:IBRWLZzTx1N)
Sophos | 4.98.0 | 20200921 | False |
Yandex | 5.5.2.24 | 20200911 | True | Trojan.Agent.Gen.QS
Zillya | 2.0.0.4178 | 20200919 | False |
Acronis | 1.1.1.78 | 20200917 | False |
Alibaba | 0.3.0.5 | 20190527 | False |
Arcabit | 1.0.0.881 | 20200921 | True | Trojan.Razy.DB71BF
Cylance | 2.3.1.101 | 20200921 | False |
Elastic | 4.0.9 | 20200917 | False |
FireEye | 32.36.1.0 | 20200921 | True | Generic.mg.a3e642e747c93bf7
Sangfor | 1.0 | 20200814 | False |
TACHYON | 2020-09-21.02 | 20200921 | False |
Tencent | 1.0.0.1 | 20200921 | False |
ViRobot | 2014.3.20.0 | 20200921 | False |
Webroot | 1.0.0.403 | 20200921 | False |
eGambit | (not reported) | 20200921 | False |
Ad-Aware | 3.0.16.117 | 20200921 | True | Gen:Variant.Razy.750015
AegisLab | 4.2 | 20200921 | False |
Emsisoft | 2018.12.0.1641 | 20200921 | True | Gen:Variant.Razy.750015 (B)
F-Secure | 12.0.86.52 | 20200921 | True | Heuristic.HEUR/AGEN.1100099
Fortinet | 6.2.142.0 | 20200921 | True | W64/Kryptik.ERUI!tr
Invincea | 1.0.1.0 | 20200921 | False |
Jiangmin | 16.0.100 | 20200921 | True | Trojan.MSIL.qkml
Kingsoft | 2013.8.14.323 | 20200921 | False |
Paloalto | 1.0 | 20200921 | False |
Symantec | 1.12.0.0 | 20200921 | False |
AhnLab-V3 | 3.18.1.10026 | 20200921 | True | Trojan/Win32.AgentTesla.R350864
Antiy-AVL | 3.0.0.1 | 20200921 | False |
Kaspersky | 15.0.1.13 | 20200921 | True | HEUR:Trojan.Script.Generic
MaxSecure | 1.0.0.1 | 20200919 | False |
Microsoft | 1.1.17400.5 | 20200921 | True | Trojan:Win32/Wacatac.C!ml
Qihoo-360 | 1.0.0.1120 | 20200921 | False |
ZoneAlarm | 1.0 | 20200921 | True | HEUR:Trojan.Script.Generic
Cybereason | 1.2.449 | 20190616 | True | malicious.747c93
ESET-NOD32 | 22027 | 20200921 | True | a variant of Win64/Kryptik.CAA
TrendMicro | 11.0.0.1006 | 20200921 | False |
BitDefender | 7.2 | 20200921 | True | Gen:Variant.Razy.750015
CrowdStrike | 1.0 | 20190702 | True | win/malicious_confidence_60% (D)
K7AntiVirus | 11.141.35289 | 20200921 | False |
SentinelOne | 4.4.0.0 | 20200724 | False |
Malwarebytes | 3.6.4.335 | 20200921 | True | Trojan.MalPack
TotalDefense | 37.1.62.1 | 20200921 | False |
CAT-QuickHeal | 14.00 | 20200921 | False |
NANO-Antivirus | 1.0.134.25140 | 20200921 | True | Trojan.Win32.KillFiles.dgyqdn
BitDefenderTheta | 7.2.37796.0 | 20200918 | True | AI:Packer.0EED9BA815
MicroWorld-eScan | 14.0.409.0 | 20200921 | True | Gen:Variant.Razy.750015
SUPERAntiSpyware | 5.6.0.1032 | 20200918 | False |
TrendMicro-HouseCall | 10.0.0.1040 | 20200921 | False |
  total: 69
  positives: 30
  sha256: e14f48b04ccb28ebe6c8cd722e2299425ba35cba991b891cb74ebc281143aaa6
  scan_id: e14f48b04ccb28ebe6c8cd722e2299425ba35cba991b891cb74ebc281143aaa6-1600725921
  resource: a3e642e747c93bf7ed7c4232656ab851
  scan_date: 2020-09-21 22:05:21
  verbose_msg: Scan finished, information embedded
  response_code: 1
File Trace

Time | Operation | PID | Process | Path [| Name]
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.668 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.684 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.700 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.715 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.731 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.747 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.747 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.747 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.747 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.747 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.747 | Unknown | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.747 | Open | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.747 | Write | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.934 | Unknown | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.934 | Open | 344 | C:\malware.exe | C:\Windows\System32\apphelp.dll
21/9/2020 - 18:45:43.934 | Open | 344 | C:\malware.exe | C:\Windows\System32\apphelp.dll
21/9/2020 - 18:45:43.934 | Open | 344 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb
21/9/2020 - 18:45:43.934 | Open | 344 | C:\malware.exe | C:\Monitor
21/9/2020 - 18:45:43.934 | Unknown | 344 | C:\malware.exe | C:\Monitor
21/9/2020 - 18:45:43.934 | Open | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.934 | Unknown | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.934 | Open | 344 | C:\malware.exe | C:\
21/9/2020 - 18:45:43.934 | Unknown | 344 | C:\malware.exe | C:\
21/9/2020 - 18:45:43.934 | Open | 344 | C:\malware.exe | C:\Monitor
21/9/2020 - 18:45:43.934 | Unknown | 344 | C:\malware.exe | C:\Monitor
21/9/2020 - 18:45:43.934 | Open | 344 | C:\malware.exe | C:\Monitor
21/9/2020 - 18:45:43.934 | Unknown | 344 | C:\malware.exe | C:\Monitor
21/9/2020 - 18:45:43.934 | Open | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.934 | Read | 344 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:43.934 | Open | 344 | C:\malware.exe | C:\Monitor\ui\SwDRM.dll
21/9/2020 - 18:45:43.950 | Unknown | 344 | C:\malware.exe | C:\Monitor
21/9/2020 - 18:45:43.950 | Unknown | 344 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
21/9/2020 - 18:45:43.950 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\Prefetch\PROC.EXE-5509F567.pf
21/9/2020 - 18:45:43.950 | Open | 532 | C:\Monitor\proc.exe | C:\Windows
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\System32\wow64.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\System32\wow64.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\System32\wow64win.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\System32\wow64win.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\System32\wow64cpu.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\System32\wow64cpu.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\System32\wow64log.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows
21/9/2020 - 18:45:43.965 | Unknown | 532 | C:\Monitor\proc.exe | C:\Windows
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\WSOCK32.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\wsock32.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\wsock32.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\sechost.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\sechost.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\VERSION.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\version.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\version.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\WINMM.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\winmm.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\winmm.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe.Local
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 18:45:43.965 | Unknown | 532 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\MPR.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\mpr.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\mpr.dll
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\IPHLPAPI.DLL
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
21/9/2020 - 18:45:43.965 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
21/9/2020 - 18:45:43.981 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\WINNSI.DLL
21/9/2020 - 18:45:43.981 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\winnsi.dll
21/9/2020 - 18:45:43.981 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\winnsi.dll
21/9/2020 - 18:45:43.981 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\UxTheme.dll
21/9/2020 - 18:45:43.981 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\uxtheme.dll
21/9/2020 - 18:45:43.981 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\uxtheme.dll
21/9/2020 - 18:45:43.997 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 18:45:43.997 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 18:45:43.997 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 18:45:43.997 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 18:45:43.997 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 18:45:43.997 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 18:45:43.997 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\WindowsShell.Manifest
21/9/2020 - 18:45:43.997 | Unknown | 532 | C:\Monitor\proc.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
21/9/2020 - 18:45:43.997 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\rpcss.dll
21/9/2020 - 18:45:43.997 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\rpcss.dll
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\Monitor
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\dwmapi.dll
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\dwmapi.dll
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\dwmapi.dll
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\UxTheme.dll.Config
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\uxtheme.dll
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe.Local
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\
21/9/2020 - 18:45:44.75 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor
21/9/2020 - 18:45:44.75 | Unknown | 532 | C:\Monitor\proc.exe | C:\Monitor
21/9/2020 - 18:45:44.90 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\adob.exe
21/9/2020 - 18:45:44.90 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp
21/9/2020 - 18:45:44.90 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp
21/9/2020 - 18:45:44.184 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\Secur32.dll
21/9/2020 - 18:45:44.184 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\secur32.dll
21/9/2020 - 18:45:44.184 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\secur32.dll
21/9/2020 - 18:45:44.184 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/9/2020 - 18:45:44.184 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/9/2020 - 18:45:44.184 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\api-ms-win-downlevel-advapi32-l2-1-0.dll
21/9/2020 - 18:45:44.184 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
21/9/2020 - 18:45:44.184 | Unknown | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
21/9/2020 - 18:45:44.184 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
21/9/2020 - 18:45:44.184 | Unknown | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\winhttp.dll
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\winhttp.dll
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\webio.dll
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\webio.dll
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\api-ms-win-downlevel-shlwapi-l2-1-0.dll
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Roaming
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Roaming
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Roaming
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
21/9/2020 - 18:45:44.231 | Open | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
21/9/2020 - 18:45:44.231 | Unknown | 532 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
21/9/2020 - 18:45:44.293 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\mswsock.dll
21/9/2020 - 18:45:44.293 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\mswsock.dll
21/9/2020 - 18:45:44.293 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\wship6.dll
21/9/2020 - 18:45:44.293 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\wship6.dll
21/9/2020 - 18:45:44.387 | Open | 532 | C:\Monitor\proc.exe | C:\Monitor\DNSAPI.dll
21/9/2020 - 18:45:44.387 | Open | 532 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\dnsapi.dll
21/9/2020 - 18:45:44.387Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\dnsapi.dll
21/9/2020 - 18:45:44.528Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\netprofm.dll
21/9/2020 - 18:45:44.528Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\netprofm.dll
21/9/2020 - 18:45:44.528Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\nlaapi.dll
21/9/2020 - 18:45:44.528Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\nlaapi.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Monitor\dhcpcsvc6.DLL
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
21/9/2020 - 18:45:44.575Unknown532C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
21/9/2020 - 18:45:44.575Unknown532C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Monitor\CRYPTSP.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Monitor\RpcRtRemote.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/9/2020 - 18:45:44.575Unknown532C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/9/2020 - 18:45:44.575Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/9/2020 - 18:45:44.575Unknown532C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/9/2020 - 18:45:44.590Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
21/9/2020 - 18:45:44.590Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
21/9/2020 - 18:45:44.590Open532C:\Monitor\proc.exeC:\Monitor\dhcpcsvc.DLL
21/9/2020 - 18:45:44.590Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc.dll
21/9/2020 - 18:45:44.590Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\dhcpcsvc.dll
21/9/2020 - 18:45:44.637Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\npmproxy.dll
21/9/2020 - 18:45:44.637Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\npmproxy.dll
21/9/2020 - 18:45:44.637Open532C:\Monitor\proc.exeC:\Monitor\rasadhlp.dll
21/9/2020 - 18:45:44.637Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rasadhlp.dll
21/9/2020 - 18:45:44.637Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\rasadhlp.dll
21/9/2020 - 18:45:44.684Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
21/9/2020 - 18:45:44.684Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wininet.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 18:45:44.825Unknown532C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\ws2_32.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\ws2_32.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wship6.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wship6.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wship6.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wshqos.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wshqos.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wshqos.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wshqos.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wshqos.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wshqos.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wshqos.dll
21/9/2020 - 18:45:44.825Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wshqos.dll
21/9/2020 - 18:45:45.793Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wininet.dll
21/9/2020 - 18:45:45.793Open532C:\Monitor\proc.exeC:\Windows\SysWOW64\wininet.dll
21/9/2020 - 18:46:4.950Open532C:\Monitor\proc.exeC:\Monitor
21/9/2020 - 18:46:4.950Unknown532C:\Monitor\proc.exeC:\Monitor
21/9/2020 - 18:46:4.950Open532C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\adob.exe
21/9/2020 - 18:46:4.950Open532C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\adob.exe.exe
21/9/2020 - 18:46:13.981Open532C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\adob.exe
21/9/2020 - 18:46:13.981Open532C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
21/9/2020 - 18:46:13.981Unknown532C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
21/9/2020 - 18:46:14.215Unknown532C:\Monitor\proc.exeC:\Windows
21/9/2020 - 18:46:14.215Unknown532C:\Monitor\proc.exeC:\Monitor
21/9/2020 - 18:46:14.215Unknown532C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 18:46:14.215Unknown532C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
21/9/2020 - 18:46:14.215Unknown532C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d

Process
Trace
Timestamp | Operation | Parent PID | Parent Process | PID | Process
21/9/2020 - 18:45:43.934 | Create | 344 | C:\malware.exe | 532 | C:\Monitor\proc.exe
21/9/2020 - 18:46:14.215 | Terminate | 344 | C:\malware.exe | 532 | C:\Monitor\proc.exe

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace
Timestamp | Operation | PID | Process | Key | Value
21/9/2020 - 18:45:44.231 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
21/9/2020 - 18:45:44.231 | Delete | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
21/9/2020 - 18:45:44.231 | Delete | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
21/9/2020 - 18:45:44.231 | Delete | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
21/9/2020 - 18:45:44.231 | Delete | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
21/9/2020 - 18:45:44.231 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
21/9/2020 - 18:45:44.231 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
21/9/2020 - 18:45:44.231 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
21/9/2020 - 18:45:44.231 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
21/9/2020 - 18:45:44.575 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
21/9/2020 - 18:45:44.575 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
21/9/2020 - 18:45:44.575 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
21/9/2020 - 18:45:44.575 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
21/9/2020 - 18:45:44.575 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
21/9/2020 - 18:45:44.575 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
21/9/2020 - 18:45:44.575 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
21/9/2020 - 18:45:44.575 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
21/9/2020 - 18:45:44.637 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
21/9/2020 - 18:45:44.637 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
21/9/2020 - 18:45:44.637 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
21/9/2020 - 18:45:44.637 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
21/9/2020 - 18:45:45.981 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
21/9/2020 - 18:45:45.981 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
21/9/2020 - 18:45:45.981 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
21/9/2020 - 18:45:45.981 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
21/9/2020 - 18:45:45.981 | Delete | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
21/9/2020 - 18:45:45.981 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
21/9/2020 - 18:45:45.981 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
21/9/2020 - 18:45:45.981 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
21/9/2020 - 18:45:45.981 | Delete | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
21/9/2020 - 18:45:45.981 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
21/9/2020 - 18:45:45.981 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
21/9/2020 - 18:45:45.981 | Write | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
21/9/2020 - 18:45:45.981 | Delete | 532 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True

DNS
Query
localhost -> gateway:DNS  www.solidaconstrutora.com.br.
localhost -> gateway:50273  www.solidaconstrutora.com.br.

Response
gateway:DNS -> localhost  www.solidaconstrutora.com.br. reply 169.57.166.134

TCP
Info
localhost:65192 -> 169.57.166.134:80
169.57.166.134:80 -> localhost:65192

UDP
Info
localhost:67 -> localhost:68
localhost:50273 -> localhost:53
localhost:68 -> 255.255.255.255:67
localhost:53 -> localhost:50273

HTTP
Info
localhost -> GET www.solidaconstrutora.com.br /site/images/adob.exe

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 85.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 86.71%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 64.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 46.79%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 62.41%
suspicious: False
