Report #11686 check_circle

  • Creation Date: Sept. 22, 2020, 2:20 a.m.
  • Last Update: Sept. 22, 2020, 2:26 a.m.
  • File: evader.exe
  • Results:
Binary
DLL
False cancel
Size
1.96MB
trid
43.1% Win32 EXE PECompact compressed
28.6% Win64 Executable
10.3% DOS Borland compiled Executable
6.8% Win32 Dynamic Link Library
4.6% Win32 Executable
type
PE
wordsize
64
Subsystem
Windows CLI
Hashes
md5
c234c69620142f8d7b879f62ee9f9a1b
sha1
b963f7870ac9ff218c854675bb0b7d815dc36c01
crc32
0x88d6e4c3
sha224
4a5c0563a9e03cdd4719335fa4c27b91c7e2d141726efb6929292595
sha256
b0c0372750dfb41dd53eaeb6ae83ca7085afd94387b4026c366b9426b756f661
sha384
03cb9a4acbb87dd91f18fb0296ab7b667bb2c814a5dd1cf8482e149cba49a7b44b99d819a6cd75384046dadafa9f64eb
sha512
35b3a0630da463c3a5ac687e8fb9760aa08b4b110faa5af8646a0233f1efb40dfede7d1bd337ae42d793e51dc1621d316743d3bbace6c7c9e337f88f1770074c
ssdeep
49152:4bdyST880SjwfBCAkXY0mSITnUkcNVuV9zwu:4bBhwCY
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
RIPEMD160_Constants, domain, win_hook, anti_dbg, Borland, screenshot, HasDebugData, url, keylogger, SHA1_Constants, android_meterpreter, contentis_base64, win_registry, IsPE64, IsConsole, Delphi_Random, win_files_operation, Microsoft_Visual_Cpp_80_DLL, HasRichSignature, IP, Delphi_FormShow

Suspicious
True check_circle

Strings
List
if(!window.Silverlight)window.Silverlight={};Silverlight._silverlightCount=0;Silverlight.ua=null;Silverlight.available=false;Silverlight.fwlinkRoot="http://go.microsoft.com/fwlink/?LinkID=";Silverlight.StatusText="Get Microsoft Silverlight";Silverlight.EmptyText="";Silverlight.detectUserAgent=function(){var a=window.navigator.userAgent;Silverlight.ua={OS:"Unsupported",Browser:"Unsupported"};if(a.indexOf("Windows NT")>=0)Silverlight.ua.OS="Windows";else if(a.indexOf("PPC Mac OS X")>=0)Silverlight.ua.OS="MacPPC";else if(a.indexOf("Intel Mac OS X")>=0)Silverlight.ua.OS="MacIntel";if(Silverlight.ua.OS!="Unsupported")if(a.indexOf("MSIE")>=0){if(navigator.userAgent.indexOf("Win64")==-1)if(parseInt(a.split("MSIE")[1])>=6)Silverlight.ua.Browser="MSIE"}else if(a.indexOf("Firefox")>=0){var b=a.split("Firefox/")[1].split("."),c=parseInt(b[0]);if(c>=2)Silverlight.ua.Browser="Firefox";else{var d=parseInt(b[1]);if(c==1&&d>=5)Silverlight.ua.Browser="Firefox"}}else if(a.indexOf("Safari")>=0)Silverlight.ua.Browser="Safari"};Silverlight.detectUserAgent();Silverlight.isInstalled=function(d){var c=false,a=null;try{var b=null;if(Silverlight.ua.Browser=="MSIE")b=new ActiveXObject("AgControl.AgControl");else if(navigator.plugins["Silverlight Plug-In"]){a=document.createElement("div");document.body.appendChild(a);a.innerHTML='<embed type="application/x-silverlight" />';b=a.childNodes[0]}if(b.IsVersionSupported(d))c=true;b=null;Silverlight.available=true}catch(e){c=false}if(a)document.body.removeChild(a);return c};Silverlight.createObject=function(l,g,m,j,k,i,h){var b={},a=j,c=k;a.source=l;b.parentElement=g;b.id=Silverlight.HtmlAttributeEncode(m);b.width=Silverlight.HtmlAttributeEncode(a.width);b.height=Silverlight.HtmlAttributeEncode(a.height);b.ignoreBrowserVer=Boolean(a.ignoreBrowserVer);b.inplaceInstallPrompt=Boolean(a.inplaceInstallPrompt);var 
e=a.version.split(".");b.shortVer=e[0]+"."+e[1];b.version=a.version;a.initParams=i;a.windowless=a.isWindowless;a.maxFramerate=a.framerate;for(var d in c)if(c[d]&&d!="onLoad"&&d!="onError"){a[d]=c[d];c[d]=null}delete a.width;delete a.height;delete a.id;delete a.onLoad;delete a.onError;delete a.ignoreBrowserVer;delete a.inplaceInstallPrompt;delete a.version;delete a.isWindowless;delete a.framerate;if(Silverlight.isInstalled(b.version)){if(Silverlight._silverlightCount==0)if(window.addEventListener)window.addEventListener("onunload",Silverlight.__cleanup,false);else window.attachEvent("onunload",Silverlight.__cleanup);var f=Silverlight._silverlightCount++;a.onLoad="__slLoad"+f;a.onError="__slError"+f;window[a.onLoad]=function(a){if(c.onLoad)c.onLoad(document.getElementById(b.id),h,a)};window[a.onError]=function(a,b){if(c.onError)c.onError(a,b);else Silverlight.default_error_handler(a,b)};slPluginHTML=Silverlight.buildHTML(b,a)}else slPluginHTML=Silverlight.buildPromptHTML(b);if(b.parentElement)b.parentElement.innerHTML=slPluginHTML;else return slPluginHTML};Silverlight.supportedUserAgent=function(c){var a=Silverlight.ua,b=a.OS=="Unsupported"||a.Browser=="Unsupported"||a.OS=="Windows"&&a.Browser=="Safari"||a.OS.indexOf("Mac")>=0&&a.Browser=="IE";if(c=="1.1")return !(b||a.OS=="MacPPC");else return !b};Silverlight.buildHTML=function(c,d){var a=[],e,i,g,f,h;if(Silverlight.ua.Browser=="Safari"){a.push("<embed ");e="";i=" ";g='="';f='"';h=' type="application/x-silverlight"/>'+"<iframe style='visibility:hidden;height:0;width:0'/>"}else{a.push('<object type="application/x-silverlight"');e=">";i=' <param name="';g='" value="';f='" />';h="</object>"}a.push(' id="'+c.id+'" width="'+c.width+'" height="'+c.height+'" '+e);for(var b in d)if(d[b])a.push(i+Silverlight.HtmlAttributeEncode(b)+g+Silverlight.HtmlAttributeEncode(d[b])+f);a.push(h);return a.join("")};Silverlight.default_error_handler=function(e,b){var d,c=b.ErrorType;d=b.ErrorCode;var a="\nSilverlight error message 
\n";a+="ErrorCode: "+d+"\n";a+="ErrorType: "+c+" \n";a+="Message: "+b.ErrorMessage+" \n";if(c=="ParserError"){a+="XamlFile: "+b.xamlFile+" \n";a+="Line: "+b.lineNumber+" \n";a+="Position: "+b.charPosition+" \n"}else if(c=="RuntimeError"){if(b.lineNumber!=0){a+="Line: "+b.lineNumber+" \n";a+="Position: "+b.charPosition+" \n"}a+="MethodName: "+b.methodName+" \n"}alert(a)};Silverlight.createObjectEx=function(b){var a=b,c=Silverlight.createObject(a.source,a.parentElement,a.id,a.properties,a.events,a.initParams,a.context);if(a.parentElement==null)return c};Silverlight.buildPromptHTML=function(e){var a=null,g=Silverlight.fwlinkRoot,c=Silverlight.ua.OS,b="92822",d;if(e.shortVer=="1.1")e.inplaceInstallPrompt=false;if(e.inplaceInstallPrompt){var i;if(Silverlight.available){d="94376";i="94382"}else{d="92802";i="94381"}var h="93481",f="93483";if(c=="Windows"){b="92799";h="92803";f="92805"}else if(c=="MacIntel"){b="92808";h="92804";f="92806"}else if(c=="MacPPC"){b="92807";h="92815";f="92816"}a='<table border="0" cellpadding="0" cellspacing="0" width="205px"><tr><td><img title="Get Microsoft Silverlight" onclick="javascript:Silverlight.followFWLink({0});" style="border:0; cursor:pointer" src="{1}"/></td></tr><tr><td style="background:#C7C7BD; text-align: center; color: black; font-family: Verdana; font-size: 9px; padding-bottom: 0.05cm; ;padding-top: 0.05cm" >By clicking <b>Get Microsoft Silverlight</b> you accept the <a title="Silverlight License Agreement" href="{2}" target="_top" style="text-decoration: underline; color: #36A6C6"><b>Silverlight license agreement</b></a>.</td></tr><tr><td style="border-left-style: solid; border-right-style: solid; border-width: 2px; border-color:#c7c7bd; background: #817d77; color: #FFFFFF; text-align: center; font-family: Verdana; font-size: 9px">Silverlight updates automatically, <a title="Silverlight Privacy Statement" href="{3}" target="_top" style="text-decoration: underline; color: #36A6C6"><b>learn more</b></a>.</td></tr><tr><td><img 
src="{4}"/></td></tr></table>';a=a.replace("{2}",g+h);a=a.replace("{3}",g+f);a=a.replace("{4}",g+i)}else{if(e.shortVer=="1.1"){b="92821";if(Silverlight.available)d="94378";else d="92810";if(c=="Windows")b="92809";else if(c=="MacIntel")b="92813"}else{if(Silverlight.available)d="94377";else d="92801";if(c=="Windows")b="92800";else if(c=="MacIntel")b="92812";else if(c=="MacPPC")b="92811"}a='<div style="width: 205px; height: 67px; background-color: #FFFFFF"><img onclick="javascript:Silverlight.followFWLink({0});" style="border:0; cursor:pointer" src="{1}" alt="Get Microsoft Silverlight"/></div>'}a=a.replace("{0}",b);a=a.replace("{1}",g+d);return a};Silverlight.__cleanup=function(){for(var a=Silverlight._silverlightCount-1;a>=0;a--){window["__slLoad"+a]=null;window["__slError"+a]=null}if(window.removeEventListener)window.removeEventListener("unload",Silverlight.__cleanup,false);else window.detachEvent("onunload",Silverlight.__cleanup)};Silverlight.followFWLink=function(a){top.location=Silverlight.fwlinkRoot+String(a)};Silverlight.HtmlAttributeEncode=function(c){var a,b="";if(c==null)return null;for(var d=0;d<c.length;d++){a=c.charCodeAt(d);if(a>96&&a<123||a>64&&a<91||a>43&&a<58&&a!=47||a==95)b=b+String.fromCharCode(a);else b=b+"&#"+a+";"}return b}
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<A HREF="http://www.atozed.com">IntraWeb: VCL for the Web</A>.
<A HREF="http://www.atozed.com">IntraWeb: VCL for the Web</A>.
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
// SDK 1.1 license available at http://go.microsoft.com/fwlink/?linkid=94243.
* http://www.apache.org/licenses/LICENSE-2.0
req.xmlHttpRequest.open(req.method,req.url,req.async,req.username,req.password);
* For details, see the Prototype web site: http://prototype.conio.net/
if(e.pageY > this.ssLayer.top)
frame.vssLayer.top = p*(frame.vspLayer.clip.height -
xLocker.style.top = '0px';
xLocker.style.left = '0px';
/*lp.top = lPoint.top + aRoot.offsetTop;
xNode.name = aNode.name
_barLayer.top;
this.name = name;
gSenderName = aSender.name;
element.style.left = left + 'px';;
element.style.left = left + 'px';
c:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\x64\Release\Dropper.pdb
xName=xItem.name;
this.top = this.oTop - i;
element.style.left = 0;
layer.top = top;
tp.show();
t.Ht
this.top = top;
if(e.target.href) {
lScroll.Height = lp.top + aRoot.children[i].offsetTop + aRoot.children[i].offsetHeight;
var p = topmost().location.protocol + "//" + topmost().location.host + "
return [element.name, element.value];
return [element.name, element.value];
if (lp.top + aRoot.children[i].offsetTop + aRoot.children[i].offsetHeight > lScroll.Height) {
element.style.top = 0;
if (obj.name != null && obj.form && obj.form.name != "HiddenSubmitForm") {
this.clip.top = i;
if ((aSubmitForm.childNodes.item(j).name == obj.name) && (aSubmitForm.childNodes.item(j).type == "hidden") ) {
element.style.top =
element.style.left =
xLocker.style.backgroundColor = 'transparent';
lp.top = 0;
var p = IWTop().location.protocol + "//" + IWTop().location.host + "
UP.LINK
Font.Name
Font.Name
Font.Style
Font.Style
Font.Style
Font.Name
xLocker.style.backgroundImage = 'url(' + aLockImageURL + ')';
xLocker.style.visibility = 'hidden';
xLocker.style.backgroundRepeat = 'no-repeat';
xLocker.style.backgroundPosition = 'center';
zlib.dll not found in %s
msgWindow=window.open("","ShowMessage","menubar=no,scrollbars=yes,status=no,width=300,height=300,toolbar=no,location=no,resizable=no,directories=no");
logMessage('cloned! ' + xNode.name +':' + xNode.type + ':' + xNode.value)
this.div.style.overflow = "hidden";
aURL = GURLBase + '/callback' + aSessionInfo + '?callback=' + aCallback + '&' + aSender.name + '=' + aSender.value;
logMessage('cloning ' + aNode.name +':' + aNode.type + ':' + aNode.value);
_thumbLayer.top = t;
LocateInputElement(xItem.name, xSubmitForm, ProcessElement);
dragObjectStyle.top = (e.screenY + this._topOffset(e) - this.starty) + "px";
if(options.setTop) target.style.top = (p[1] - delta[1] + options.offsetTop) + 'px';
w=window.open(URL, Name, Options);
var top = parseFloat(element.style.top || 0) - (element._originalTop || 0);
this.style.clip = "rect(0px," + ARect.Width + "px," + ARect.Height + "px,0px)";
this.addField(el.name,el.options[el.selectedIndex].value);
xObj.style.top = aY;
logMessage(xItem.name + ' = ' + xItem.value);
(pY < (_dragObject.top-38))) {
this.frame.load(e.target);
xObj.style.left = aX;
if(options.setLeft) target.style.left = (p[0] - delta[0] + options.offsetLeft) + 'px';
return __method.call(object, event || window.event);
if((pY > (_dragObject.top+54)) ||
xControlName = xTarget.name;
var left = parseFloat(element.style.left || 0) - (element._originalLeft || 0);
_dragObject.top = pY;
AddChangedControl(xItem.name);
element._originalTop = top - parseFloat(element.style.top || 0);
if (aSender != null && xItem != null && xItem.name == aSender.name) {
target.style.top = offsets[1] + 'px';
target.style.left = offsets[0] + 'px';
var p = Position.page(source);
percentScroll = (pY - _dragObject.spLayer.top) /
var dobj=aSubmitForm.elements[obj.name];
xLocker.id = 'IWLocker';
this.addField(el.name,el.options[j].value);
this.e2.style.height = this.end + "px";
if (xTarget.name) {
lElement.style.top = lPoint.Y + 'px';
lElement.style.top = lPoint.Y + 'px';
e.clientY > absoluteRect.top + this._topOffset(e) &&
_dragObject.oTop = _dragObject.top;
p = (_scrollLayer.clip.top-15) /
p = (_scrollLayer.clip.top+15) /

Foremost
Matches
2946.gif, 78 B, 3373.gif, 857 B, 3374.gif, 888 B, 3376.gif, 300 B, 3377.gif, 297 B, 3377.gif, 1 KB, 3380.gif, 1 KB, 3382.gif, 1 KB, 3384.gif, 1 KB, 3386.gif, 1 KB, 3388.gif, 1 KB, 3390.gif, 1 KB, 3393.gif, 1 KB, 3395.gif, 1 KB, 3397.gif, 1 KB, 3399.gif, 1 KB, 3402.gif, 1 KB, 3404.gif, 814 B, 3406.gif, 782 B, 3407.gif, 1 KB, 3410.gif, 1 KB, 3412.gif, 1 KB, 3414.gif, 1 KB, 3416.gif, 803 B, 3419.gif, 1 KB, 3424.gif, 2 KB, 3429.gif, 426 B, 3437.gif, 2 KB, 3442.gif, 75 B, 3442.gif, 63 B, 3442.gif, 110 B, 3442.gif, 80 B, 3442.gif, 108 B, 3443.gif, 79 B, 3443.gif, 111 B, 3443.gif, 65 B, 3443.gif, 60 B, 3443.gif, 105 B, 3443.gif, 77 B, 3444.gif, 113 B, 3444.gif, 105 B, 3444.gif, 77 B, 3446.gif, 42 B, 3446.gif, 145 B, 3447.gif, 130 B, 3447.gif, 108 B, 3447.gif, 158 B, 3447.gif, 111 B, 3679.htm, 69 B, 24.exe, 1 MB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circle
Allowed: 127.0.0.1, 1, localhost.
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

URLs
Allowed: http://go.microsoft.com/fwlink/?linkid=, http://www.w3.org/1999/xhtml, http://go.microsoft.com/fwlink/?linkid=94243.
hasURLs: True check_circle
Suspicious: http://www.apache.org/licenses/license-2.0, http://www.wapforum.org/dtd/wml_1.1.xml, http://www.wapforum.org/dtd/xhtml-mobile10.dtd, http://, http://www.atozed.com, https://, http://prototype.conio.net/
hasAllowed: True check_circle
hasSuspicious: True check_circle

Files
Allowed: user32.dll, kernel32.dll, uxtheme.dll, MSWSOCK.DLL, Fwpuclnt.dll, comctl32.dll, Wship6.dll, ole32.dll, imm32.dll, oleaut32.dll, WS2_32.DLL, ADVAPI32.dll, SHLWAPI.dll, RPCRT4.dll, SHELL32.dll, MSVCR110.dll, gdi32.dll, DWMAPI.DLL, WINMM.dll, windowscodecs.dll, msimg32.dll, version.dll
hasFiles: True check_circle
Suspicious: wapdb.dat
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 2054656
Suspicious: False cancel
Image
Address: 5368709120
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 6
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 6
Linker
Version: 11.0
Suspicious: False cancel
Subsystem
Version: 6.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 6772
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: user32.dll, kernel32.dll, uxtheme.dll, mswsock.dll, comctl32.dll, wship6.dll, ole32.dll, imm32.dll, oleaut32.dll, ws2_32.dll, advapi32.dll, shlwapi.dll, rpcrt4.dll, shell32.dll, gdi32.dll, dwmapi.dll, winmm.dll, windowscodecs.dll, msimg32.dll, version.dll
hasLibs: True check_circle
Suspicious: fwpuclnt.dll, msvcr110.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-09-22 02:20:58
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8.0 (DLL)

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
12448
Suspicious
True check_circle
Disassembly
hasTricks
False cancel
Tricks
AVclass
johnnie
1
VirusTotal
md5
c234c69620142f8d7b879f62ee9f9a1b
sha1
b963f7870ac9ff218c854675bb0b7d815dc36c01
SCANS (DETECTION RATE = 43.48%)
AVG
result: Win64:BankerX-gen [Trj]
update: 20200922
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20200921
version: 2.7.2019.1
detected: False cancel

MAX
result: malware (ai score=87)
update: 20200922
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200922
version: 6.73
detected: True check_circle

Bkav
update: 20200922
version: 1.3.0.9899
detected: False cancel

K7GW
update: 20200922
version: 11.141.35290
detected: False cancel

ALYac
result: Gen:Variant.Johnnie.276394
update: 20200922
version: 1.1.1.5
detected: True check_circle

Avira
result: HEUR/AGEN.1112096
update: 20200922
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
update: 20200917
version: 4.0.0.24
detected: False cancel

Cyren
update: 20200922
version: 6.3.0.2
detected: False cancel

DrWeb
result: Trojan.Encoder.30162
update: 20200922
version: 7.0.49.9080
detected: True check_circle

GData
result: Gen:Variant.Johnnie.276394
update: 20200922
version: A:25.27102B:27.20255
detected: True check_circle

Panda
update: 20200921
version: 4.6.4.2
detected: False cancel

VBA32
update: 20200921
version: 4.4.1
detected: False cancel

VIPRE
update: 20200922
version: 86874
detected: False cancel

Zoner
update: 20200920
version: 0.0.0.0
detected: False cancel

Comodo
update: 20200921
version: 32832
detected: False cancel

Ikarus
result: Trojan.Win32.Injector
update: 20200921
version: 0.1.5.2
detected: True check_circle

McAfee
update: 20200921
version: 6.0.6.653
detected: False cancel

Rising
result: Backdoor.Remcos!8.B89E (TFE:5:IBRWLZzTx1N)
update: 20200921
version: 25.0.0.26
detected: True check_circle

Sophos
update: 20200922
version: 4.98.0
detected: False cancel

Yandex
result: Trojan.Diztakun!
update: 20200911
version: 5.5.2.24
detected: True check_circle

Zillya
update: 20200919
version: 2.0.0.4178
detected: False cancel

Acronis
update: 20200917
version: 1.1.1.78
detected: False cancel

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
result: Trojan.Johnnie.D437AA
update: 20200922
version: 1.0.0.881
detected: True check_circle

Cylance
update: 20200922
version: 2.3.1.101
detected: False cancel

Elastic
result: malicious (high confidence)
update: 20200917
version: 4.0.9
detected: True check_circle

FireEye
result: Gen:Variant.Johnnie.276394
update: 20200922
version: 32.36.1.0
detected: True check_circle

Sangfor
update: 20200814
version: 1.0
detected: False cancel

TACHYON
update: 20200922
version: 2020-09-22.01
detected: False cancel

Tencent
update: 20200922
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20200921
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200922
version: 1.0.0.403
detected: False cancel

eGambit
update: 20200922
detected: False cancel

Ad-Aware
result: Gen:Variant.Johnnie.276394
update: 20200922
version: 3.0.16.117
detected: True check_circle

AegisLab
update: 20200922
version: 4.2
detected: False cancel

Emsisoft
result: Gen:Variant.Johnnie.276394 (B)
update: 20200922
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Heuristic.HEUR/AGEN.1112096
update: 20200922
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W64/Kryptik.ERUI!tr
update: 20200922
version: 6.2.142.0
detected: True check_circle

Invincea
result: Generic ML PUA (PUA)
update: 20200922
version: 1.0.1.0
detected: True check_circle

Jiangmin
result: Trojan.MSIL.qkml
update: 20200921
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20200922
version: 2013.8.14.323
detected: False cancel

Paloalto
update: 20200922
version: 1.0
detected: False cancel

Symantec
update: 20200922
version: 1.12.0.0
detected: False cancel

AhnLab-V3
result: Trojan/Win32.AgentTesla.R350864
update: 20200921
version: 3.18.1.10026
detected: True check_circle

Antiy-AVL
update: 20200922
version: 3.0.0.1
detected: False cancel

Kaspersky
result: Trojan.Win32.Delf.enfc
update: 20200922
version: 15.0.1.13
detected: True check_circle

MaxSecure
update: 20200919
version: 1.0.0.1
detected: False cancel

Microsoft
result: Trojan:Win32/Wacatac.C!ml
update: 20200922
version: 1.1.17400.5
detected: True check_circle

Qihoo-360
update: 20200922
version: 1.0.0.1120
detected: False cancel

ZoneAlarm
result: Trojan.Win32.Delf.enfc
update: 20200922
version: 1.0
detected: True check_circle

Cybereason
result: malicious.620142
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of Win64/Kryptik.CAA
update: 20200922
version: 22028
detected: True check_circle

TrendMicro
update: 20200922
version: 11.0.0.1006
detected: False cancel

BitDefender
result: Gen:Variant.Johnnie.276394
update: 20200922
version: 7.2
detected: True check_circle

CrowdStrike
update: 20190702
version: 1.0
detected: False cancel

K7AntiVirus
update: 20200922
version: 11.141.35290
detected: False cancel

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False cancel

Malwarebytes
result: Trojan.MalPack
update: 20200922
version: 3.6.4.335
detected: True check_circle

TotalDefense
update: 20200922
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20200922
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Win32.Diztakun.ejcokv
update: 20200922
version: 1.0.134.25140
detected: True check_circle

BitDefenderTheta
result: AI:Packer.9354998021
update: 20200918
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.Johnnie.276394
update: 20200922
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200918
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
update: 20200922
version: v2019.1.2+3728
detected: False cancel

TrendMicro-HouseCall
update: 20200922
version: 10.0.0.1040
detected: False cancel

total
69
sha256
b0c0372750dfb41dd53eaeb6ae83ca7085afd94387b4026c366b9426b756f661
scan_id
b0c0372750dfb41dd53eaeb6ae83ca7085afd94387b4026c366b9426b756f661-1600752065
resource
c234c69620142f8d7b879f62ee9f9a1b
positives
30
scan_date
2020-09-22 05:21:05
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.747Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.762Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.778Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.793Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.809Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.825Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.840Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.950Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.965Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.981Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:43.997Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.12Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.28Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.43Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.106Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.122Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.137Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.153Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.168Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.184Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.200Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.262Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.262Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.262Unknown344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.262Open344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.262Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.403Write344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.590Unknown344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.590Open344C:\malware.exeC:\Windows\System32\apphelp.dll
22/9/2020 - 1:45:44.590Open344C:\malware.exeC:\Windows\System32\apphelp.dll
22/9/2020 - 1:45:44.590Open344C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
22/9/2020 - 1:45:44.590Open344C:\malware.exeC:\Monitor
22/9/2020 - 1:45:44.590Unknown344C:\malware.exeC:\Monitor
22/9/2020 - 1:45:44.590Open344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.590Unknown344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.590Open344C:\malware.exeC:\
22/9/2020 - 1:45:44.590Unknown344C:\malware.exeC:\
22/9/2020 - 1:45:44.590Open344C:\malware.exeC:\Monitor
22/9/2020 - 1:45:44.590Unknown344C:\malware.exeC:\Monitor
22/9/2020 - 1:45:44.606Open344C:\malware.exeC:\Monitor
22/9/2020 - 1:45:44.606Unknown344C:\malware.exeC:\Monitor
22/9/2020 - 1:45:44.606Open344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.606Read344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.606Open344C:\malware.exeC:\Monitor\ui\SwDRM.dll
22/9/2020 - 1:45:44.606Open344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.606Open344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.606Unknown344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.606Open344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.606Unknown344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.606Unknown344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.606Unknown344C:\malware.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.606Unknown344C:\malware.exeC:\Monitor
22/9/2020 - 1:45:44.606Unknown344C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
22/9/2020 - 1:45:44.606Open1500C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
22/9/2020 - 1:45:44.606Open1500C:\Monitor\proc.exeC:\Windows
22/9/2020 - 1:45:44.606Open1500C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
22/9/2020 - 1:45:44.606Open1500C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
22/9/2020 - 1:45:44.606Open1500C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
22/9/2020 - 1:45:44.606Open1500C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
22/9/2020 - 1:45:44.606Open1500C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
22/9/2020 - 1:45:44.606Open1500C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
22/9/2020 - 1:45:44.606Open1500C:\Monitor\proc.exeC:\Windows\System32\wow64log.dll
22/9/2020 - 1:45:44.606Open1500C:\Monitor\proc.exeC:\Windows
22/9/2020 - 1:45:44.606Unknown1500C:\Monitor\proc.exeC:\Windows
22/9/2020 - 1:45:44.606Open1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Monitor\msimg32.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\msimg32.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\msimg32.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Monitor\version.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22/9/2020 - 1:45:44.622Unknown1500C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Monitor\winspool.drv
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\winspool.drv
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\winspool.drv
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 1:45:44.622Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 1:45:44.637Open1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Unknown1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Open1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Unknown1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Open1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Unknown1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Open1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Unknown1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Open1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Unknown1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Open1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Unknown1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.637Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
22/9/2020 - 1:45:44.637Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
22/9/2020 - 1:45:44.700Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
22/9/2020 - 1:45:44.700Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
22/9/2020 - 1:45:44.700Open1500C:\Monitor\proc.exeC:\Monitor\dwmapi.dll
22/9/2020 - 1:45:44.700Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\dwmapi.dll
22/9/2020 - 1:45:44.700Open1500C:\Monitor\proc.exeC:\Windows\SysWOW64\dwmapi.dll
22/9/2020 - 1:45:44.700Open1500C:\Monitor\proc.exeC:\Windows\Fonts\StaticCache.dat
22/9/2020 - 1:45:44.700Read1500C:\Monitor\proc.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
22/9/2020 - 1:45:44.700Open1500C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
22/9/2020 - 1:45:44.700Unknown1500C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
22/9/2020 - 1:45:44.700Open1500C:\Monitor\proc.exeC:\Monitor\wapdb.dat
22/9/2020 - 1:45:44.700Open1500C:\Monitor\proc.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.700Unknown1500C:\Monitor\proc.exeC:\Monitor\proc.exe
22/9/2020 - 1:45:44.700Open1500C:\Monitor\proc.exeC:\Monitor\proc.rar
22/9/2020 - 1:45:44.715Unknown1500C:\Monitor\proc.exeC:\Windows
22/9/2020 - 1:45:44.715Unknown1500C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 1:45:44.715Unknown1500C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22/9/2020 - 1:45:44.715Unknown1500C:\Monitor\proc.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat

Process
Trace
22/9/2020 - 1:45:44.590 | Create | 344 | C:\malware.exe | 1500 | C:\Monitor\proc.exe
22/9/2020 - 1:45:44.700 | Terminate | 344 | C:\malware.exe | 1500 | C:\Monitor\proc.exe

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 87.50%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 96.25%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 64.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 74.14%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.98%
suspicious: False
