Report #12747

  • Creation Date: Aug. 6, 2021, 11:22 p.m.
  • Last Update: Aug. 6, 2021, 11:27 p.m.
  • File: 043
  • Results:
Binary
DLL: False
Size: 281.50KB
trid:
82.0% Win64 Executable
6.0% OS/2 Executable
5.9% Generic Win/DOS Executable
5.9% DOS Executable Generic
0.0% VXD Driver
type: PE
wordsize: 0
Subsystem: unknown
Hashes
md5: b8d4b10821e714302d6fc60092934dc5
sha1: 2db84283f01f4df9928dd0aceb99a87086ed6a5b
crc32: 0x9bc3af2a
sha224: 834194712db81f32f7621b485ca52e34072cb6f59d76bfcee2a105b7
sha256: 055672abeb2d5018279ea2ad039bfa752c1f8333c065e3830ba61b17a65f3731
sha384: 31d45c8f8fb3d30a156dfabf13cedc51f8fb972b81494cf38c704a9c1188a2e310117ba0316b524218630cfc7606c25d
sha512: 04e206c74cc900d72912c2bb77ae917cda81e2ba41b3d93f155e0000ac53295a13d78080f0c326bd48899d4ce0879c6e47aca5631c4a3b5b1041217097d8ad68
ssdeep: 6144:KC/cLq32VKR2ooP9Y/vgm78sE9assSXs72qrhNPAB:tcLq3QYHX78BzqI
Community
Google: False
HashLib: False
YARA
Matches: MinGW_1, domain, contentis_base64, IsPE64, win_files_operation, IsPacked, Microsoft_Visual_Cpp_80_DLL, IsWindowsGUI
Suspicious: True

Strings
List
%c%c%c%c%c%c%c%c%cMSSE-%d-server
_matherr(): %s in %s(%g, %g) (retval=%g)
_acmdln
GetProcAddress
CsNmp
Address %p has no image-section
Unknown pseudo relocation bit size %d.
Unknown pseudo relocation protocol version %d.
TerminateProcess
VirtualAlloc
The result is too small to be represented (UNDERFLOW)
VirtualProtect
ConnectNamedPipe
CreateFileA
CreateNamedPipeA
QueryPerformanceCounter
LoadLibraryW
WriteFile
GetModuleHandleA
ReadFile
VirtualQuery failed for %d bytes at address %p
GetTickCount
vfprintf
fprintf
fwrite
Sleep
VirtualProtect failed with code 0x%x
_initterm
__iob_func
_set_invalid_parameter_handler
__setusermatherr
__C_specific_handler
__set_app_type
__dllonexit
_amsg_exit

Foremost
Matches: None
Suspicious: False
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: msvcrt.dll, KERNEL32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16; Suspicious: False
Code Size: 278528; Suspicious: False
Image Address: 4194304; Suspicious: False
Stack: 4096; Suspicious: False
Headers: 1024; Suspicious: False
Suspicious: False

Symbols
Number: 0; Suspicious: True
Pointer: 0; Suspicious: True
Directories Number: 16; Suspicious: False

Checksum
Value: 296374; Suspicious: False

Sections
Allowed: .text, .data, .rdata, .pdata, .xdata, .bss, .idata, .crt, .tls
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 4; Suspicious: False
Image Version: 4; Suspicious: True
Linker Version: 2.22; Suspicious: False
Subsystem Version: 5.2; Suspicious: False
Suspicious: False

EntryPoint
Address: 5296; Suspicious: False

Anomalies
hasAnomalies: False

Libraries
Allowed: msvcrt.dll, kernel32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2020-06-08 21:17:28
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8.0 (DLL)

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret: .data: 38
nopsequence: .text: 26
pushpopmath: .data: 41
garbagebytes: .data: 18
hookdetection: .data: 3
programcontrolflowchange: .data: 18

AVclass
cobaltstrike: 1

VirusTotal
md5: b8d4b10821e714302d6fc60092934dc5
sha1: 2db84283f01f4df9928dd0aceb99a87086ed6a5b
SCANS (DETECTION RATE = 78.26%)
AVG | result: Win64:HacktoolX-gen [Trj] | update: 20210418 | version: 21.1.5827.0 | detected: True
CMC | update: 20210327 | version: 2.10.2019.1 | detected: False
MAX | result: malware (ai score=87) | update: 20210418 | version: 2019.9.16.1 | detected: True
APEX | result: Malicious | update: 20210416 | version: 6.153 | detected: True
Bkav | update: 20210416 | version: 1.3.0.9899 | detected: False
K7GW | result: Trojan ( 0050e20c1 ) | update: 20210418 | version: 11.176.36958 | detected: True
ALYac | result: Trojan.Agent.CobaltStrike | update: 20210418 | version: 1.1.3.1 | detected: True
Avast | result: Win64:HacktoolX-gen [Trj] | update: 20210418 | version: 21.1.5827.0 | detected: True
Avira | result: HEUR/AGEN.1137815 | update: 20210418 | version: 8.3.3.12 | detected: True
Baidu | update: 20190318 | version: 1.0.0.2 | detected: False
Cynet | result: Malicious (score: 100) | update: 20210412 | version: 4.0.0.27 | detected: True
Cyren | result: W64/Cobalt.A.gen!Eldorado | update: 20210418 | version: 6.3.0.2 | detected: True
DrWeb | result: BackDoor.Meterpreter.157 | update: 20210418 | version: 7.0.49.9080 | detected: True
GData | result: Gen:Variant.Ursu.350187 | update: 20210418 | version: A:25.29355B:27.22701 | detected: True
Panda | result: Trj/CI.A | update: 20210418 | version: 4.6.4.2 | detected: True
VBA32 | update: 20210416 | version: 5.0.0 | detected: False
VIPRE | result: Trojan.Win32.Generic!BT | update: 20210418 | version: 91920 | detected: True
Zoner | update: 20210417 | version: 0.0.0.0 | detected: False
ClamAV | result: Win.Trojan.CobaltStrike-9044898-1 | update: 20210418 | version: 0.103.2.0 | detected: True
Comodo | result: Malware@#1ete5yslz4uif | update: 20210418 | version: 33446 | detected: True
Ikarus | result: Trojan.Agent | update: 20210418 | version: 0.1.5.2 | detected: True
Lionic | result: Trojan.Win32.Generic.4!c | update: 20210418 | version: 4.2 | detected: True
McAfee | result: Trojan-FSXF!B8D4B10821E7 | update: 20210418 | version: 6.0.6.653 | detected: True
Rising | result: Backdoor.CobaltStrike/x64!1.D04A (CLOUD) | update: 20210418 | version: 25.0.0.26 | detected: True
Sophos | result: Mal/Generic-R + ATK/Cobalt-A | update: 20210418 | version: 1.0.2.0 | detected: True
Yandex | result: Trojan.GenAsa!ZICJWVi3Ujg | update: 20210415 | version: 5.5.2.24 | detected: True
Zillya | update: 20210416 | version: 2.0.0.4344 | detected: False
Acronis | update: 20210211 | version: 1.1.1.81 | detected: False
Alibaba | result: Trojan:Win32/CobaltStrike.2621494a | update: 20190527 | version: 0.3.0.5 | detected: True
Arcabit | result: Trojan.Ursu.D557EB | update: 20210418 | version: 1.0.0.881 | detected: True
Cylance | result: Unsafe | update: 20210418 | version: 2.3.1.101 | detected: True
Elastic | result: malicious (high confidence) | update: 20210414 | version: 4.0.20 | detected: True
FireEye | result: Generic.mg.b8d4b10821e71430 | update: 20210418 | version: 32.44.1.0 | detected: True
Sangfor | result: Suspicious.Win32.Agent.kf | update: 20210416 | version: 2.9.0.0 | detected: True
TACHYON | result: Trojan/W64.CobaltStrike.288256 | update: 20210418 | version: 2021-04-18.01 | detected: True
Tencent | result: Malware.Win32.Gencirc.10ce3d62 | update: 20210418 | version: 1.0.0.1 | detected: True
ViRobot | update: 20210417 | version: 2014.3.20.0 | detected: False
Webroot | result: W32.Riskware.Cobaltstrike | update: 20210418 | version: 1.0.0.403 | detected: True
eGambit | update: 20210418 | detected: False
Ad-Aware | result: Gen:Variant.Ursu.350187 | update: 20210418 | version: 3.0.16.117 | detected: True
Emsisoft | result: Gen:Variant.Ursu.350187 (B) | update: 20210418 | version: 2018.12.0.1641 | detected: True
F-Secure | update: 20210331 | version: 12.0.86.52 | detected: False
Fortinet | result: W64/Agent.CY!tr | update: 20210418 | version: 6.2.142.0 | detected: True
Jiangmin | result: Trojan.Generic.fsici | update: 20210417 | version: 16.0.100 | detected: True
Kingsoft | update: 20210418 | version: 2017.9.26.565 | detected: False
Paloalto | result: generic.ml | update: 20210418 | version: 1.0 | detected: True
Symantec | result: Backdoor.Cobalt!gen1 | update: 20210417 | version: 1.14.0.0 | detected: True
AhnLab-V3 | result: Trojan/Win64.CobaltStrike.R356638 | update: 20210418 | version: 3.19.7.10132 | detected: True
Kaspersky | result: HEUR:Trojan.Win32.Generic | update: 20210418 | version: 21.0.1.45 | detected: True
MaxSecure | result: Trojan.Malware.7164915.susgen | update: 20210417 | version: 1.0.0.1 | detected: True
Microsoft | result: Trojan:Win32/Cobaltstrike.MK!MTB | update: 20210418 | version: 1.1.18000.5 | detected: True
Qihoo-360 | result: Win32/HackTool.CobaltStrike.H8oApPAA | update: 20210418 | version: 1.0.0.1120 | detected: True
ZoneAlarm | result: Trojan.Win64.Krasnoglaz.gen | update: 20210418 | version: 1.0 | detected: True
Cybereason | result: malicious.821e71 | update: 20210330 | version: 1.2.449 | detected: True
ESET-NOD32 | result: a variant of Win64/RiskWare.CobaltStrike.Artifact.A | update: 20210418 | version: 23152 | detected: True
Gridinsoft | result: Trojan.Win64.Agent.oa | update: 20210418 | version: 1.0.37.128 | detected: True
TrendMicro | result: Backdoor.Win64.COBEACON.SMA | update: 20210330 | version: 11.0.0.1006 | detected: True
BitDefender | result: Gen:Variant.Ursu.350187 | update: 20210418 | version: 7.2 | detected: True
CrowdStrike | result: win/malicious_confidence_100% (W) | update: 20210203 | version: 1.0 | detected: True
K7AntiVirus | result: Trojan ( 0050e20c1 ) | update: 20210418 | version: 11.176.36958 | detected: True
SentinelOne | update: 20210215 | version: 5.0.0.20 | detected: False
Malwarebytes | result: Trojan.CobaltStrike | update: 20210418 | version: 4.2.2.27 | detected: True
CAT-QuickHeal | update: 20210416 | version: 14.00 | detected: False
NANO-Antivirus | result: Trojan.Win64.Meterpreter.iofrdt | update: 20210418 | version: 1.0.146.25279 | detected: True
BitDefenderTheta | update: 20210414 | version: 7.2.37796.0 | detected: False
MicroWorld-eScan | result: Gen:Variant.Ursu.350187 | update: 20210418 | version: 14.0.409.0 | detected: True
SUPERAntiSpyware | update: 20210416 | version: 5.6.0.1032 | detected: False
McAfee-GW-Edition | result: BehavesLike.Win64.Generic.dc | update: 20210418 | version: v2019.1.2+3728 | detected: True
TrendMicro-HouseCall | result: Backdoor.Win64.COBEACON.SMA | update: 20210418 | version: 10.0.0.1040 | detected: True

total: 69
sha256: 055672abeb2d5018279ea2ad039bfa752c1f8333c065e3830ba61b17a65f3731
scan_id: 055672abeb2d5018279ea2ad039bfa752c1f8333c065e3830ba61b17a65f3731-1618750104
resource: b8d4b10821e714302d6fc60092934dc5
positives: 54
scan_date: 2021-04-18 12:48:24
verbose_msg: Scan finished, information embedded
response_code: 1
File Trace
Time | Operation | PID | Process | Path | Name (where recorded)
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\sechost.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\sechost.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\version.DLL
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\version.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\version.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\imm32.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\imm32.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\imm32.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\imm32.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\imm32.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\imm32.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\CRYPTSP.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\cryptsp.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\cryptsp.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
6/8/2021 - 22:45:43.450 | Unknown | 2476 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\CRYPTBASE.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\Windows\System32\cryptbase.dll
6/8/2021 - 22:45:43.450 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\cryptbase.dll | cryptbase.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\Windows\System32\cryptbase.dll
6/8/2021 - 22:45:43.450 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\cryptbase.dll | cryptbase.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\SspiCli.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\Windows\System32\sspicli.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\Windows\System32\sspicli.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\Windows\System32\nlaapi.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\Windows\System32\nlaapi.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\Windows\System32\NapiNSP.dll
6/8/2021 - 22:45:43.450 | Open | 2476 | C:\malware.exe | C:\Windows\System32\NapiNSP.dll
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\pnrpnsp.dll
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\pnrpnsp.dll
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\mswsock.dll
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\mswsock.dll
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\DNSAPI.dll
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\dnsapi.dll
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\dnsapi.dll
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\winrnr.dll
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\winrnr.dll
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\IPHLPAPI.DLL
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\IPHLPAPI.DLL
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\IPHLPAPI.DLL
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\WINNSI.DLL
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\winnsi.dll
6/8/2021 - 22:45:43.528 | Open | 2476 | C:\malware.exe | C:\Windows\System32\winnsi.dll
6/8/2021 - 22:45:43.590 | Open | 2476 | C:\malware.exe | C:\Windows\System32\FWPUCLNT.DLL
6/8/2021 - 22:45:43.590 | Open | 2476 | C:\malware.exe | C:\Windows\System32\FWPUCLNT.DLL
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\rasadhlp.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rasadhlp.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rasadhlp.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Secur32.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Windows\System32\secur32.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Windows\System32\secur32.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
6/8/2021 - 22:45:43.684 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
6/8/2021 - 22:45:43.684 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
6/8/2021 - 22:45:43.684 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Windows\System32\winhttp.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Windows\System32\winhttp.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Windows\System32\webio.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Windows\System32\webio.dll
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
6/8/2021 - 22:45:43.684 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
6/8/2021 - 22:45:43.684 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
6/8/2021 - 22:45:43.684 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
6/8/2021 - 22:45:43.684 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
6/8/2021 - 22:45:43.700 | Open | 2476 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
6/8/2021 - 22:45:43.700 | Open | 2476 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
6/8/2021 - 22:45:43.700 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
6/8/2021 - 22:45:43.700 | Open | 2476 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
6/8/2021 - 22:45:43.700 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
6/8/2021 - 22:45:43.762 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wship6.dll
6/8/2021 - 22:45:43.762 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wship6.dll
6/8/2021 - 22:45:43.809 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rpcss.dll
6/8/2021 - 22:45:43.809 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rpcss.dll
6/8/2021 - 22:45:43.809 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rpcss.dll
6/8/2021 - 22:45:43.809 | Open | 2476 | C:\malware.exe | C:\Windows\System32\rpcss.dll
6/8/2021 - 22:45:43.856 | Open | 2476 | C:\malware.exe | C:\Windows\System32\netprofm.dll
6/8/2021 - 22:45:43.856 | Open | 2476 | C:\malware.exe | C:\Windows\System32\netprofm.dll
6/8/2021 - 22:45:43.903 | Open | 2476 | C:\malware.exe | C:\dhcpcsvc6.DLL
6/8/2021 - 22:45:43.903 | Open | 2476 | C:\malware.exe | C:\Windows\System32\dhcpcsvc6.dll
6/8/2021 - 22:45:43.903 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\dhcpcsvc6.dll | dhcpcsvc6.dll
6/8/2021 - 22:45:43.903 | Open | 2476 | C:\malware.exe | C:\Windows\System32\dhcpcsvc6.dll
6/8/2021 - 22:45:43.903 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\dhcpcsvc6.dll | dhcpcsvc6.dll
6/8/2021 - 22:45:43.950 | Open | 2476 | C:\malware.exe | C:\Windows\System32\WSHTCPIP.DLL
6/8/2021 - 22:45:43.950 | Open | 2476 | C:\malware.exe | C:\Windows\System32\WSHTCPIP.DLL
6/8/2021 - 22:45:43.950 | Open | 2476 | C:\malware.exe | C:\dhcpcsvc.DLL
6/8/2021 - 22:45:43.950 | Open | 2476 | C:\malware.exe | C:\Windows\System32\dhcpcsvc.dll
6/8/2021 - 22:45:43.950 | Open | 2476 | C:\malware.exe | C:\Windows\System32\dhcpcsvc.dll
6/8/2021 - 22:45:43.950 | Open | 2476 | C:\malware.exe | C:\RpcRtRemote.dll
6/8/2021 - 22:45:43.950 | Open | 2476 | C:\malware.exe | C:\Windows\System32\RpcRtRemote.dll
6/8/2021 - 22:45:43.950 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\RpcRtRemote.dll | RpcRtRemote.dll
6/8/2021 - 22:45:43.950 | Open | 2476 | C:\malware.exe | C:\Windows\System32\RpcRtRemote.dll
6/8/2021 - 22:45:43.950 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\RpcRtRemote.dll | RpcRtRemote.dll
6/8/2021 - 22:45:44.43 | Open | 2476 | C:\malware.exe | C:\Windows\System32\npmproxy.dll
6/8/2021 - 22:45:44.43 | Open | 2476 | C:\malware.exe | C:\Windows\System32\npmproxy.dll
6/8/2021 - 22:45:44.965 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wininet.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\malware.exe.Local
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
6/8/2021 - 22:45:44.981 | Unknown | 2476 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
6/8/2021 - 22:45:44.981 | Unknown | 2476 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
6/8/2021 - 22:45:44.981 | Unknown | 2476 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\WindowsShell.Manifest
6/8/2021 - 22:45:44.981 | Unknown | 2476 | C:\malware.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\WSHTCPIP.DLL
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\WSHTCPIP.DLL
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\WSHTCPIP.DLL
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wship6.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wship6.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wship6.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wshqos.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wshqos.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wshqos.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wshqos.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wshqos.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wshqos.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wshqos.dll
6/8/2021 - 22:45:44.981 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wshqos.dll
6/8/2021 - 22:45:45.28 | Open | 2476 | C:\malware.exe | C:\credssp.dll
6/8/2021 - 22:45:45.28 | Open | 2476 | C:\malware.exe | C:\Windows\System32\credssp.dll
6/8/2021 - 22:45:45.28 | Open | 2476 | C:\malware.exe | C:\Windows\System32\credssp.dll
6/8/2021 - 22:45:45.28 | Open | 2476 | C:\malware.exe | C:\Windows\System32\schannel.dll
6/8/2021 - 22:45:45.28 | Open | 2476 | C:\malware.exe | C:\Windows\System32\schannel.dll
6/8/2021 - 22:45:45.28 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
6/8/2021 - 22:45:45.28 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
6/8/2021 - 22:45:45.28 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
6/8/2021 - 22:45:45.28 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
6/8/2021 - 22:45:45.28 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
6/8/2021 - 22:45:45.28 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
6/8/2021 - 22:45:45.28 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
6/8/2021 - 22:45:45.90 | Open | 2476 | C:\malware.exe | C:\ncrypt.dll
6/8/2021 - 22:45:45.90 | Open | 2476 | C:\malware.exe | C:\Windows\System32\ncrypt.dll
6/8/2021 - 22:45:45.90 | Open | 2476 | C:\malware.exe | C:\Windows\System32\ncrypt.dll
6/8/2021 - 22:45:45.90 | Open | 2476 | C:\malware.exe | C:\bcrypt.dll
6/8/2021 - 22:45:45.90 | Open | 2476 | C:\malware.exe | C:\Windows\System32\bcrypt.dll
6/8/2021 - 22:45:45.90 | Open | 2476 | C:\malware.exe | C:\Windows\System32\bcrypt.dll
6/8/2021 - 22:45:45.90 | Open | 2476 | C:\malware.exe | C:\Windows\System32\bcryptprimitives.dll
6/8/2021 - 22:45:45.90 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\bcryptprimitives.dll | bcryptprimitives.dll
6/8/2021 - 22:45:45.90 | Open | 2476 | C:\malware.exe | C:\Windows\System32\bcryptprimitives.dll
6/8/2021 - 22:45:45.90 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\bcryptprimitives.dll | bcryptprimitives.dll
6/8/2021 - 22:45:45.106 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
6/8/2021 - 22:45:45.106 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
6/8/2021 - 22:45:45.106 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
6/8/2021 - 22:45:45.106 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
6/8/2021 - 22:45:45.106 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
6/8/2021 - 22:45:45.106 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
6/8/2021 - 22:45:45.106 | Open | 2476 | C:\malware.exe | C:\GPAPI.dll
6/8/2021 - 22:45:45.106 | Open | 2476 | C:\malware.exe | C:\Windows\System32\gpapi.dll
6/8/2021 - 22:45:45.106 | Open | 2476 | C:\malware.exe | C:\Windows\System32\gpapi.dll
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
6/8/2021 - 22:45:45.200 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
6/8/2021 - 22:45:45.200 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
6/8/2021 - 22:45:45.200 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\p2pcollab.dll
6/8/2021 - 22:45:45.200 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\p2pcollab.dll | p2pcollab.dll
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\p2pcollab.dll
6/8/2021 - 22:45:45.200 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\p2pcollab.dll | p2pcollab.dll
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\QAGENTRT.DLL
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\QAGENTRT.DLL
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\dnsapi.dll
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\dnsapi.dll
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\fveui.dll
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\fveui.dll
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\fveui.dll
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\fveui.dll
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wuaueng.dll
6/8/2021 - 22:45:45.200 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wuaueng.dll
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
6/8/2021 - 22:45:45.262 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
6/8/2021 - 22:45:45.262 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5

Process Trace
(no entries)

Analysis Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace
Timestamp | Operation | PID | Process | Key | Value
6/8/2021 - 22:45:43.700 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
6/8/2021 - 22:45:43.700 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
6/8/2021 - 22:45:43.700 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
6/8/2021 - 22:45:43.700 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
6/8/2021 - 22:45:43.700 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
6/8/2021 - 22:45:43.700 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
6/8/2021 - 22:45:44.90 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
6/8/2021 - 22:45:44.90 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
6/8/2021 - 22:45:44.90 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
6/8/2021 - 22:45:44.90 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.200 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
6/8/2021 - 22:45:45.262 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
6/8/2021 - 22:45:45.262 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
6/8/2021 - 22:45:45.262 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
6/8/2021 - 22:45:45.309 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
6/8/2021 - 22:45:45.309 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
6/8/2021 - 22:45:45.309 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
6/8/2021 - 22:45:45.309 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
6/8/2021 - 22:45:45.309 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
6/8/2021 - 22:45:45.309 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
6/8/2021 - 22:45:45.309 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
6/8/2021 - 22:45:45.309 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
6/8/2021 - 22:45:45.309 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
6/8/2021 - 22:45:45.309 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
6/8/2021 - 22:45:45.309 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
6/8/2021 - 22:45:45.309 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
6/8/2021 - 22:45:45.309 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
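The file and registry trace rows above are rendered with their column separators lost, so the key and the value name run together and the rows cannot be fed to tooling as they stand. The following Python is an added example for this page, not code from the sandbox platform: it recovers the columns of both trace types (timestamp, operation, PID, process, target), splits a registry target back into key and value name, and rebuilds the kind of per-category summary the report prints further down. The list of known value names, the category rules (Write counts as "created", Delete as "deleted", anything under Internet Settings as "internet", Run/RunOnce/Winlogon keys as "autorun") and the embedded sample rows are assumptions made for the example; the sample rows are copied from the trace in its flattened form.

```python
"""Recover the columns of flattened file/registry trace rows and rebuild a
per-category summary. Added example; not the sandbox platform's own code."""
import re
from collections import Counter

# A rendered row is "<timestamp><operation><pid><process><target>" with the
# separators lost; the operation keyword and the "X:\" drive prefix of the
# process path are the only reliable boundaries.
ROW_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} - \d{2}:\d{2}:\d{2}\.\d+)"
    r"(?P<op>Open|Unknown|Write|Delete|Read|Create|Close)"
    r"(?P<pid>\d+)"
    r"(?P<proc>[A-Za-z]:\\.*?\.exe)"
    r"(?P<target>.+)$"
)

# Registry targets are "<key><value name>" glued together. Known value names
# (assumed list, taken from the names visible in this report) are tried first,
# longest first; otherwise the first lower->upper case change in the last key
# component is used. Hex/GUID key components need the known-name route.
KNOWN_VALUES = sorted((
    "ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL", "AutoDetect",
    "SavedLegacySettings", "WpadDecisionReason", "WpadDecisionTime", "WpadDecision",
    "WpadDetectedUrl", "WpadNetworkName", "LanguageList", "CachePrefix",
), key=len, reverse=True)

INTERNET_SETTINGS = r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
AUTORUN_MARKERS = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce", "\\Winlogon\\")


def split_registry_target(target):
    """Return (key, value_name); value_name is '' when no boundary is found."""
    for name in KNOWN_VALUES:
        if target.endswith(name):
            return target[:-len(name)], name
    head, sep, last = target.rpartition("\\")
    m = re.search(r"[a-z](?=[A-Z])", last)
    if m:
        return head + sep + last[:m.end()], last[m.end():]
    return target, ""


def parse_row(row, kind):
    """kind is 'file' or 'registry'; raises ValueError on an unparsable row."""
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"unparsable {kind} trace row: {row!r}")
    rec = {"timestamp": m["ts"], "operation": m["op"], "pid": int(m["pid"]),
           "process": m["proc"]}
    if kind == "registry":
        rec["key"], rec["value"] = split_registry_target(m["target"])
    else:
        rec["path"] = m["target"]
    return rec


def summarize_registry(rows):
    recs = [parse_row(r, "registry") for r in rows]
    ops = Counter(r["operation"] for r in recs)
    keys = [r["key"].lower() for r in recs]
    inet = [r for r in recs if INTERNET_SETTINGS.lower() in r["key"].lower()]
    return {
        "created": ops["Write"] > 0,
        "deleted": ops["Delete"] > 0,
        "internet": bool(inet),
        "autorun": any(mark.lower() in k for k in keys for mark in AUTORUN_MARKERS),
        "operations": dict(ops),
        "internet_values": sorted({r["value"] for r in inet}),
    }


def summarize_files(rows):
    recs = [parse_row(r, "file") for r in rows]
    ops = Counter(r["operation"] for r in recs)
    return {
        "created": ops["Create"] > 0,
        "deleted": ops["Delete"] > 0,
        "operations": dict(ops),
        "paths": sorted({r["path"] for r in recs}),
    }


# Sample rows copied from the report's trace in its flattened form.
REGISTRY_ROWS = [
    r"6/8/2021 - 22:45:43.700Write2476C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyEnable",
    r"6/8/2021 - 22:45:43.700Delete2476C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyServer",
    r"6/8/2021 - 22:45:43.700Write2476C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectionsSavedLegacySettings",
    r"6/8/2021 - 22:45:44.90Write2476C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision",
    r"6/8/2021 - 22:45:45.200Write2476C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList",
    r"6/8/2021 - 22:45:45.262Write2476C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ContentCachePrefix",
    r"6/8/2021 - 22:45:45.309Delete2476C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDetectedUrl",
]
FILE_ROWS = [
    r"6/8/2021 - 22:45:45.262Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5",
    r"6/8/2021 - 22:45:45.262Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies",
    r"6/8/2021 - 22:45:45.262Open2476C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5",
]

if __name__ == "__main__":
    for row in REGISTRY_ROWS:
        rec = parse_row(row, "registry")
        print(f'{rec["timestamp"]}  {rec["operation"]:<6} {rec["key"]}  ->  {rec["value"]}')
    print(summarize_registry(REGISTRY_ROWS))
    print(summarize_files(FILE_ROWS))
```

Two practitioner notes on what the parsed trace actually says. First, the ProxyEnable write, the ProxyServer/ProxyOverride/AutoConfigURL/AutoDetect deletions, the Wpad\<MAC> and Wpad\{GUID} WpadDecision* values, the 5.0\Cache\*\CachePrefix values and the opens of Content.IE5, Cookies and History.IE5 are the footprint WinINet and the WinHTTP auto-proxy code leave when a process initialises them; they show the sample loaded the WinINet stack and ran WPAD detection, not that it configured a proxy, which is consistent with the report marking Internet as identified but Proxy as not. Second, that footprint together with an empty DNS/TCP/UDP/HTTP trace and an analysis reason of Timeout means the run ended before any request was observed, so the absence of network indicators here is not evidence that the sample has none.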

File Summary
Created: False
Deleted: False

Process Summary
Created: False
Deleted: False

Registry Summary
Proxy: False
AutoRun: False
Created: True
Deleted: True
Browsers: False
Internet: True


DNS Query: (no entries)
DNS Response: (no entries)
TCP Info: (no entries)
UDP Info: (no entries)
HTTP Info: (no entries)

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
NFS 2.0 (Threshold = 0.8): confidence 53.75%, suspicious: True
NFS 3.0 (Threshold = 0.75): confidence 73.33%, suspicious: True
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: False
MalConv (Ember: Raw Bytes, Threshold = 0.5): confidence 96.56%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 51.00%, suspicious: False
Non-Negative MalConv (Ember: Raw Bytes, Threshold = 0.35): confidence 59.00%, suspicious: True
LightGBM (Ember: File Characteristics, Threshold = 0.8336): confidence 100.00%, suspicious: True
