Report #11676

  • Creation Date: Sept. 22, 2020, 1:03 a.m.
  • Last Update: Sept. 22, 2020, 1:08 a.m.
  • File: evader.exe
  • Results:
Binary
DLL
False cancel
Size
2.19MB
trid
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
64
Subsystem
Windows CLI
Hashes
md5
7b214ae4472382d1e2b96e33f4d93bca
sha1
613284957998fbc4c476f99564e85d4b9e08e2ae
crc32
0xf871e8cf
sha224
ac67c18bd7622fa9ee5b06550a5a04186bca19ce05125e31d3acea85
sha256
0b1495d88f0bfbe2a144aca61d8f8e9906c5f232a1f348969a6495771ee252ec
sha384
aed7802c069ec382199eb99ebcfce5c4a9992b5273ef2ee2ea1bafe4ffa5f5edbc260535ec53b78a542fa601dc8f5ef0
sha512
a843c6c0b01e53cbd8b5800c83814a47cc7703b50a0a17404118a91f98e5954c434fe65d5d40733f14d20d30d222474976099bd511971741ff68bc2546be7465
ssdeep
49152:LnlEmJA1BvqEMaI29mvKjQTPJgqopnP9WdZjtINv:LumSBysI29mi0spnPujtIl
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
maldoc_getEIP_method_1, domain, anti_dbg, HasDebugData, contentis_base64, android_meterpreter, win_registry, IsPE64, IsConsole, CRC32_poly_Constant, IsPacked, Microsoft_Visual_Cpp_80_DLL, HasRichSignature

Suspicious
True check_circle

Strings
List
c:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\x64\Release\Dropper.pdb
COMCTL32.dll
winspool.drv
winspool.drv
MSVCR110.dll
comctl32.dll
msimg32.dll
version.dll
WINMM.dll
wininet.dll
UxTheme.dll
oleacc.dll
winmm.dll
proc.exe
proc.exe
CEO
List
<requestedPrivileges>
__crt_debugger_hook
Execut.
B:\hNM
2rDPi
)(vO.qaw
IsProcessorFeaturePresent
t9I6F
CreateEventW
IsDebuggerPresent
9ABCDEF
CreateProcessW
CoCreateInstance
D2e7
05ed

Foremost
Matches
24.exe, 1 MB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: ADVAPI32.dll, RPCRT4.dll, SHELL32.dll, USER32.dll, oleaut32.dll, KERNEL32.dll, wininet.dll, UxTheme.dll, MSVCR110.dll, COMCTL32.dll, oleacc.dll, WINMM.dll, msimg32.dll, SHLWAPI.dll, gdi32.dll, version.dll, ole32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 2294784
Suspicious: False cancel
Image
Address: 5368709120
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 6
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 6
Linker
Version: 11.0
Suspicious: False cancel
Subsystem
Version: 6.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 6772
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: advapi32.dll, rpcrt4.dll, shell32.dll, user32.dll, oleaut32.dll, kernel32.dll, wininet.dll, uxtheme.dll, comctl32.dll, oleacc.dll, winmm.dll, msimg32.dll, shlwapi.dll, gdi32.dll, version.dll, ole32.dll
hasLibs: True check_circle
Suspicious: msvcr110.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-09-22 01:03:42
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8.0 (DLL)

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
12448
Suspicious
True check_circle
Disassembly
hasTricks
False cancel
Tricks
AVclass
johnnie
1
VirusTotal
md5
7b214ae4472382d1e2b96e33f4d93bca
sha1
613284957998fbc4c476f99564e85d4b9e08e2ae
SCANS (DETECTION RATE = 45.59%)
AVG
result: Win64:BankerX-gen [Trj]
update: 20200921
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20200921
version: 2.7.2019.1
detected: False cancel

MAX
result: malware (ai score=86)
update: 20200922
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200922
version: 6.73
detected: True check_circle

Bkav
update: 20200922
version: 1.3.0.9899
detected: False cancel

K7GW
update: 20200922
version: 11.141.35290
detected: False cancel

ALYac
result: Gen:Variant.Johnnie.276394
update: 20200922
version: 1.1.1.5
detected: True check_circle

Avast
result: Win64:BankerX-gen [Trj]
update: 20200921
version: 18.4.3895.0
detected: True check_circle

Avira
result: HEUR/AGEN.1128024
update: 20200922
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
update: 20200917
version: 4.0.0.24
detected: False cancel

Cyren
update: 20200921
version: 6.3.0.2
detected: False cancel

DrWeb
result: Trojan.Encoder.30162
update: 20200921
version: 7.0.49.9080
detected: True check_circle

GData
result: Gen:Variant.Johnnie.276394
update: 20200922
version: A:25.27099B:27.20253
detected: True check_circle

Panda
update: 20200921
version: 4.6.4.2
detected: False cancel

VBA32
update: 20200921
version: 4.4.1
detected: False cancel

VIPRE
update: 20200922
version: 86870
detected: False cancel

Zoner
update: 20200920
version: 0.0.0.0
detected: False cancel

Comodo
update: 20200921
version: 32832
detected: False cancel

Ikarus
result: Trojan.Win32.Injector
update: 20200921
version: 0.1.5.2
detected: True check_circle

McAfee
update: 20200921
version: 6.0.6.653
detected: False cancel

Rising
result: Backdoor.Remcos!8.B89E (TFE:5:IBRWLZzTx1N)
update: 20200921
version: 25.0.0.26
detected: True check_circle

Sophos
update: 20200922
version: 4.98.0
detected: False cancel

Yandex
result: TrojanSpy.Banker!cOv0RgZxtWw
update: 20200911
version: 5.5.2.24
detected: True check_circle

Zillya
update: 20200919
version: 2.0.0.4178
detected: False cancel

Acronis
update: 20200917
version: 1.1.1.78
detected: False cancel

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
result: Trojan.Johnnie.D437AA
update: 20200922
version: 1.0.0.881
detected: True check_circle

Cylance
update: 20200922
version: 2.3.1.101
detected: False cancel

Elastic
update: 20200917
version: 4.0.9
detected: False cancel

FireEye
result: Gen:Variant.Johnnie.276394
update: 20200922
version: 32.36.1.0
detected: True check_circle

Sangfor
update: 20200814
version: 1.0
detected: False cancel

TACHYON
update: 20200922
version: 2020-09-22.01
detected: False cancel

Tencent
update: 20200922
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20200921
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200922
version: 1.0.0.403
detected: False cancel

eGambit
result: Unsafe.AI_Score_99%
update: 20200922
detected: True check_circle

Ad-Aware
result: Gen:Variant.Johnnie.276394
update: 20200922
version: 3.0.16.117
detected: True check_circle

Emsisoft
result: Gen:Variant.Johnnie.276394 (B)
update: 20200922
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Heuristic.HEUR/AGEN.1128024
update: 20200922
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W64/Kryptik.ERUI!tr
update: 20200921
version: 6.2.142.0
detected: True check_circle

Invincea
update: 20200922
version: 1.0.1.0
detected: False cancel

Jiangmin
result: Trojan.MSIL.qkml
update: 20200921
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20200922
version: 2013.8.14.323
detected: False cancel

Paloalto
update: 20200922
version: 1.0
detected: False cancel

Symantec
update: 20200921
version: 1.12.0.0
detected: False cancel

AhnLab-V3
result: Trojan/Win32.AgentTesla.R350864
update: 20200921
version: 3.18.1.10026
detected: True check_circle

Antiy-AVL
result: Trojan/Win32.TSGeneric
update: 20200922
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Trojan-Dropper.Win32.Generic
update: 20200922
version: 15.0.1.13
detected: True check_circle

MaxSecure
update: 20200919
version: 1.0.0.1
detected: False cancel

Microsoft
result: Trojan:Win32/Wacatac.C!ml
update: 20200922
version: 1.1.17400.5
detected: True check_circle

Qihoo-360
update: 20200922
version: 1.0.0.1120
detected: False cancel

ZoneAlarm
result: HEUR:Trojan-Dropper.Win32.Generic
update: 20200922
version: 1.0
detected: True check_circle

Cybereason
result: malicious.447238
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of Win64/Kryptik.CAA
update: 20200922
version: 22028
detected: True check_circle

TrendMicro
update: 20200922
version: 11.0.0.1006
detected: False cancel

BitDefender
result: Gen:Variant.Johnnie.276394
update: 20200921
version: 7.2
detected: True check_circle

CrowdStrike
update: 20190702
version: 1.0
detected: False cancel

K7AntiVirus
update: 20200922
version: 11.141.35290
detected: False cancel

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False cancel

Malwarebytes
result: Trojan.MalPack
update: 20200922
version: 3.6.4.335
detected: True check_circle

TotalDefense
update: 20200921
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20200922
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Win32.Razy.eobaqw
update: 20200922
version: 1.0.134.25140
detected: True check_circle

BitDefenderTheta
result: Gen:NN.ZexaF.34254.lwZ@aSrdvacO
update: 20200918
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.Johnnie.276394
update: 20200922
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200918
version: 5.6.0.1032
detected: False cancel

TrendMicro-HouseCall
update: 20200922
version: 10.0.0.1040
detected: False cancel

total
68
sha256
0b1495d88f0bfbe2a144aca61d8f8e9906c5f232a1f348969a6495771ee252ec
scan_id
0b1495d88f0bfbe2a144aca61d8f8e9906c5f232a1f348969a6495771ee252ec-1600747427
resource
7b214ae4472382d1e2b96e33f4d93bca
positives
31
scan_date
2020-09-22 04:03:47
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
22/9/2020 - 0:45:43.872  Write  2476  C:\malware.exe  C:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.356Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.418Unknown2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.418Open2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.418Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.590Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.809Write2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Unknown2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Windows\System32\apphelp.dll
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Windows\System32\apphelp.dll
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Monitor
22/9/2020 - 0:45:44.903Unknown2476C:\malware.exeC:\Monitor
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Unknown2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\
22/9/2020 - 0:45:44.903Unknown2476C:\malware.exeC:\
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Monitor
22/9/2020 - 0:45:44.903Unknown2476C:\malware.exeC:\Monitor
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Monitor
22/9/2020 - 0:45:44.903Unknown2476C:\malware.exeC:\Monitor
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Read2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Monitor\ui\SwDRM.dll
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Unknown2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Open2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Unknown2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Unknown2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Read2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Read2476C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.903Unknown2476C:\malware.exeC:\Monitor
22/9/2020 - 0:45:44.903Unknown2476C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\System32\wow64log.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows
22/9/2020 - 0:45:44.918Unknown1228C:\Monitor\proc.exeC:\Windows
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Monitor\msimg32.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\msimg32.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\msimg32.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Monitor\winspool.drv
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\winspool.drv
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\winspool.drv
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22/9/2020 - 0:45:44.918Unknown1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
22/9/2020 - 0:45:44.918Open1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Monitor\version.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Monitor\oleacc.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\oleacc.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\oleacc.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Monitor\winmm.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Monitor\OLEACCRC.DLL
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\oleaccrc.dll
22/9/2020 - 0:45:44.934Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\oleaccrc.dll
22/9/2020 - 0:45:44.950Open1228C:\Monitor\proc.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.950Read1228C:\Monitor\proc.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:44.950Unknown1228C:\Monitor\proc.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:45.28Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
22/9/2020 - 0:45:45.28Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
22/9/2020 - 0:45:45.75Open1228C:\Monitor\proc.exeC:\Monitor\dwmapi.dll
22/9/2020 - 0:45:45.75Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\dwmapi.dll
22/9/2020 - 0:45:45.75Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\dwmapi.dll
22/9/2020 - 0:45:45.75Open1228C:\Monitor\proc.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:45.75Unknown1228C:\Monitor\proc.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:45.75Open1228C:\Monitor\proc.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:45.75Read1228C:\Monitor\proc.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:45.75Unknown1228C:\Monitor\proc.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:45.106Read1228C:\Monitor\proc.exeC:\Monitor\proc.exe
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
22/9/2020 - 0:45:45.168Unknown1228C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
22/9/2020 - 0:45:45.168Unknown1228C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Obsidium\{2D82466A-100A8810-2B87AB42-852048EF}.Extensions
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Users\Behemot
22/9/2020 - 0:45:45.168Unknown1228C:\Monitor\proc.exeC:\Users\Behemot
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Users\Behemot\.obs32\{2D82466A-100A8810-2B87AB42-852048EF}.Language
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Unknown1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Unknown1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Unknown1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Unknown1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Unknown1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Unknown1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Windows\Fonts\StaticCache.dat
22/9/2020 - 0:45:45.168Read1228C:\Monitor\proc.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Monitor\olepro32.dll
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\olepro32.dll
22/9/2020 - 0:45:45.168Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\olepro32.dll
22/9/2020 - 0:45:45.184Open1228C:\Monitor\proc.exeC:\Monitor\REG.exe
22/9/2020 - 0:45:45.184Open1228C:\Monitor\proc.exeC:\Monitor\REG.exe
22/9/2020 - 0:45:45.184Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\reg.exe
22/9/2020 - 0:45:45.231Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\reg.exe
22/9/2020 - 0:45:45.231Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\reg.exe
22/9/2020 - 0:45:45.372Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
22/9/2020 - 0:45:45.372Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
22/9/2020 - 0:45:45.372Open1228C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
22/9/2020 - 0:45:45.372Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 0:45:45.372Unknown1228C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 0:45:45.372Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\reg.exe
22/9/2020 - 0:45:45.372Open1228C:\Monitor\proc.exeC:\
22/9/2020 - 0:45:45.372Unknown1228C:\Monitor\proc.exeC:\
22/9/2020 - 0:45:45.372Open1228C:\Monitor\proc.exeC:\Windows
22/9/2020 - 0:45:45.372Unknown1228C:\Monitor\proc.exeC:\Windows
22/9/2020 - 0:45:45.372Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 0:45:45.372Unknown1228C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 0:45:45.372Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 0:45:45.372Unknown1228C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 0:45:45.372Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\reg.exe
22/9/2020 - 0:45:45.372Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\reg.exe
22/9/2020 - 0:45:45.372Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\reg.exe
22/9/2020 - 0:45:45.372Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\ui\SwDRM.dll
22/9/2020 - 0:45:45.434Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\Prefetch\REG.EXE-4978446A.pf
22/9/2020 - 0:45:45.434Open1764C:\Windows\SysWOW64\reg.exeC:\Windows
22/9/2020 - 0:45:45.434Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\System32\wow64.dll
22/9/2020 - 0:45:45.434Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\System32\wow64.dll
22/9/2020 - 0:45:45.434Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\System32\wow64win.dll
22/9/2020 - 0:45:45.434Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\System32\wow64win.dll
22/9/2020 - 0:45:45.434Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\System32\wow64cpu.dll
22/9/2020 - 0:45:45.434Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\System32\wow64cpu.dll
22/9/2020 - 0:45:45.434Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\System32\wow64log.dll
22/9/2020 - 0:45:45.434Open1764C:\Windows\SysWOW64\reg.exeC:\Windows
22/9/2020 - 0:45:45.434Unknown1764C:\Windows\SysWOW64\reg.exeC:\Windows
22/9/2020 - 0:45:45.434Open1764C:\Windows\SysWOW64\reg.exeC:\Monitor
22/9/2020 - 0:45:45.590Open1228C:\Monitor\proc.exeC:\Monitor\RICHED20.DLL
22/9/2020 - 0:45:45.590Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\riched20.dll
22/9/2020 - 0:45:45.590Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\riched20.dll
22/9/2020 - 0:45:45.590Open1228C:\Monitor\proc.exeC:\Windows\win.ini
22/9/2020 - 0:45:45.590Read1228C:\Monitor\proc.exeC:\Windows\win.ini
22/9/2020 - 0:45:45.590Open1228C:\Monitor\proc.exeC:\Windows\Fonts\tahomabd.ttf
22/9/2020 - 0:45:45.590Open1228C:\Monitor\proc.exeC:\Windows\Fonts\tahomabd.ttf
22/9/2020 - 0:45:45.637Open1228C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
22/9/2020 - 0:45:45.684Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\SysWOW64\sechost.dll
22/9/2020 - 0:45:45.684Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\SysWOW64\sechost.dll
22/9/2020 - 0:45:45.684Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:45.684Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:45.684Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:45.684Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:45.684Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:45.684Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 0:45:45.684Open1764C:\Windows\SysWOW64\reg.exeC:\Windows\Globalization\Sorting\SortDefault.nls
22/9/2020 - 0:45:45.684Unknown1764C:\Windows\SysWOW64\reg.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
22/9/2020 - 0:45:45.637Open1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
22/9/2020 - 0:45:45.747Unknown1764C:\Windows\SysWOW64\reg.exeC:\Windows
22/9/2020 - 0:45:45.747Unknown1764C:\Windows\SysWOW64\reg.exeC:\Monitor
22/9/2020 - 0:45:45.747Unknown1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
22/9/2020 - 0:45:45.747Open1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
22/9/2020 - 0:45:45.747Open1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui
22/9/2020 - 0:45:45.793Read1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.muicomctl32.dll.mui
22/9/2020 - 0:45:45.840Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
22/9/2020 - 0:45:45.887Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
22/9/2020 - 0:45:46.184Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
22/9/2020 - 0:45:46.184Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbemcomn.dll
22/9/2020 - 0:45:46.231Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbemcomn.dll
22/9/2020 - 0:45:46.793Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\Logs
22/9/2020 - 0:45:46.840Unknown1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\Logs
22/9/2020 - 0:45:46.887Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
22/9/2020 - 0:45:46.887Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
22/9/2020 - 0:45:46.887Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
22/9/2020 - 0:45:46.887Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
22/9/2020 - 0:45:47.168Open1228C:\Monitor\proc.exeC:\Monitor\SXS.DLL
22/9/2020 - 0:45:47.168Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\sxs.dll
22/9/2020 - 0:45:47.168Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\sxs.dll
22/9/2020 - 0:45:47.168Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.215Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.215Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:47.262Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
22/9/2020 - 0:45:47.262Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
22/9/2020 - 0:45:47.262Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\nlaapi.dll
22/9/2020 - 0:45:47.262Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\nlaapi.dll
22/9/2020 - 0:45:47.262Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\NapiNSP.dll
22/9/2020 - 0:45:47.262Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\NapiNSP.dll
22/9/2020 - 0:45:47.262Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\pnrpnsp.dll
22/9/2020 - 0:45:47.262Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\pnrpnsp.dll
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\mswsock.dll
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\mswsock.dll
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Monitor\DNSAPI.dll
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\dnsapi.dll
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\dnsapi.dll
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\winrnr.dll
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\winrnr.dll
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Monitor\IPHLPAPI.DLL
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Monitor\WINNSI.DLL
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\winnsi.dll
22/9/2020 - 0:45:47.278Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\winnsi.dll
22/9/2020 - 0:45:47.325Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 0:45:47.325Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 0:45:47.418Open1228C:\Monitor\proc.exeC:\Monitor\rasadhlp.dll
22/9/2020 - 0:45:47.418Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rasadhlp.dll
22/9/2020 - 0:45:47.418Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rasadhlp.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Monitor\CRYPTSP.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Monitor\RpcRtRemote.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
22/9/2020 - 0:45:47.512Unknown1228C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
22/9/2020 - 0:45:47.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
22/9/2020 - 0:45:47.512Unknown1228C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
22/9/2020 - 0:45:47.606Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
22/9/2020 - 0:45:47.606Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
22/9/2020 - 0:45:48.28Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\fastprox.dll
22/9/2020 - 0:45:48.28Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\fastprox.dll
22/9/2020 - 0:45:48.28Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
22/9/2020 - 0:45:48.28Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdsapi.dll
22/9/2020 - 0:45:48.28Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdsapi.dll
22/9/2020 - 0:45:48.575Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:49.715Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\nlaapi.dll
22/9/2020 - 0:45:49.715Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\nlaapi.dll
22/9/2020 - 0:45:49.715Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\NapiNSP.dll
22/9/2020 - 0:45:49.715Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\NapiNSP.dll
22/9/2020 - 0:45:49.715Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\pnrpnsp.dll
22/9/2020 - 0:45:49.715Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\pnrpnsp.dll
22/9/2020 - 0:45:49.715Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\mswsock.dll
22/9/2020 - 0:45:49.715Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\mswsock.dll
22/9/2020 - 0:45:49.715Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\winrnr.dll
22/9/2020 - 0:45:49.715Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\winrnr.dll
22/9/2020 - 0:45:49.762Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 0:45:49.762Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 0:45:50.512Open1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:50.512Read1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:51.122Unknown1228C:\Monitor\proc.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/9/2020 - 0:45:51.356Unknown1228C:\Monitor\proc.exeC:\Windows
22/9/2020 - 0:45:51.356Unknown1228C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 0:45:51.356Unknown1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22/9/2020 - 0:45:51.356Unknown1228C:\Monitor\proc.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
22/9/2020 - 0:45:51.356Unknown1228C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61

Process
Trace
22/9/2020 - 0:45:44.903 | Create | 2476 | C:\malware.exe | 1228 | C:\Monitor\proc.exe
22/9/2020 - 0:45:45.372 | Create | 1228 | C:\Monitor\proc.exe | 1764 | C:\Windows\SysWOW64\reg.exe
22/9/2020 - 0:45:45.747 | Terminate | 1228 | C:\Monitor\proc.exe | 1764 | C:\Windows\SysWOW64\reg.exe
22/9/2020 - 0:45:51.356 | Terminate | 2476 | C:\malware.exe | 1228 | C:\Monitor\proc.exe

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace
22/9/2020 - 0:45:51.122 | Write | 1228 | C:\Monitor\proc.exe | HKCU\Software\GoogleDados

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info
localhost:64896 -> 239.255.255.250:3702
localhost:3702 -> localhost:50621

HTTP
Info

Summary
DNS
False

TCP
False

UDP
True

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 80.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 52.94%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 63.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 48.77%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 86.74%
suspicious: True
