Report #6345

  • Creation Date: Feb. 17, 2020, 12:54 p.m.
  • Last Update: Feb. 17, 2020, 1:09 p.m.
  • File: 33ZzPrOI.exe
  • Results:
Binary
DLL: False
Size: 5.70MB
trid: 52.9% Win32 Executable, 23.5% Generic Win/DOS Executable, 23.5% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: e7751452361989d3a6222538a3a87ccd
sha1: 5cb59243658f9f507186321ad8860efaa0aa813d
crc32: 0xa6b48acf
sha224: add7f550217327386bc6c36e673dfef244455379060fb25f1cbdf164
sha256: fe1b98ea6fc32a799ee3b6ce50212f6105f14f54b91ed2be475d62633e889665
sha384: b58b4b15d9a3d6b04803b5a5318bfcf66eb2ab38f6721ec77e83f773be92ca6b6f491f9dc6f4a77a6549bd5d26e48ec8
sha512: 714ea3de85728bdee82054cb5c4e05338b577e0b45b752bd06fc5c33cb8ff5c3ec91b00d89f9dd6f257e9c9ed9b3301a8f187c3b7dc2f7d0c8c29f49bd1f5873
ssdeep: 98304:ps2qeVX0PWG3VtjWnaW8FaZ3GLE9oQTSdrSZ6s9iICZRxpL97h5XD0:ps2hkPBlt7DaQQ9DTkSQs9iIC9f7h5Xg
Community
Google: False
HashLib: False
YARA
Matches: win_private_profile, ThreadControl__Context, CRC32_poly_Constant, VC8_Microsoft_Corporation, DebuggerException__SetConsoleCtrl, Check_OutputDebugStringA_iat, CRC32_table, TEAN, win_files_operation, IsPacked, contentis_base64, screenshot, win_mutex, keylogger, VirtualPC_Detection, IsPE32, maldoc_find_kernel32_base_method_1, vmdetect, IsWindowsGUI, anti_dbg, DebuggerHiding__Active, url, Microsoft_Visual_Cpp_8, HasOverlay
Suspicious: True

Strings
List
:http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0@
:http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
=http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Bhttp://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Chttp://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
,http://crl4.digicert.com/sha2-assured-ts.crl0
/http://crl4.digicert.com/sha2-assured-cs-g1.crl0B
,http://crl3.digicert.com/sha2-assured-ts.crl02
/http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Dhttp://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
.http://www.digicert.com/ssl-cps-repository.htm0
.http://www.digicert.com/ssl-cps-repository.htm0
https://www.digicert.com/CPS0
https://www.digicert.com/CPS0
https://www.digicert.com/CPS0
https://www.digicert.com/CPS0
https://www.digicert.com/CPS0
https://www.digicert.com/CPS0
(http://crl3.digicert.com/ha-cs-2011a.crl0.
(http://crl4.digicert.com/ha-cs-2011a.crl0L
t.Ht
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
t.pS
h.PA
c.As
eS.DK
D.NU
p.IE
http://www.avast.com0/
R.dO
_t.mo
7+@s.Am'
http://www.avast.com0
I.it
R.sa
R.lA
0.AD
b.vC
K.Ac
K.uy
N.Cy
G.Mv
o.PK
a.Pf
d.MC
Ix.Yt
A.kP
18.Cm
lp.pr
l.sj
k.th
7r.bi
C:\boost\1.47\include\boost/exception/detail/exception_ptr.hpp
J.bH
q.Td
X.Bh
_qg.KG
4X.gw
U.Jm
b.BJ
X.tW
q.CY
{A.MS.vs$n
a.cz
a.bz
http://ocsp.digicert.com0A
http://ocsp.digicert.com0O
http://ocsp.digicert.com0I
http://ocsp.digicert.com0P
http://ocsp.digicert.com0C
http://ocsp.digicert.com0C
http://ocsp.digicert.com0C
http://ocsp.digicert.com0N
1O.whjr
Error: Access violation at 0x%1$08X (tried to %2% 0x%3$08X), program terminated. LastCP is '%4%'.
-%/2
,NB7A
w=l#e.
Rdl^`
fe,,H:
F`GA-D
~Teb;
/I:Ds
(asF_d%|
7fDM/ h
D$<SUVW
D$<SUVW

Foremost
Matches: None
Suspicious: False
Heuristics
IPs
hasIPs: False
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://crl.microsoft.com/pki/crl/products/microsoftcodeverifroot.crl0
hasURLs: True
Suspicious: http://crl3.digicert.com/digicerthighassuranceevrootca.crl0@, http://crl4.digicert.com/sha2-assured-cs-g1.crl0b, http://crl4.digicert.com/digicertassuredidca-1.crl0w, http://crl3.digicert.com/sha2-assured-cs-g1.crl05, http://cacerts.digicert.com/digicertassuredidrootca.crt0, http://cacerts.digicert.com/digicerthighassuranceevrootca.crt0, http://www.avast.com0, http://crl3.digicert.com/ha-cs-2011a.crl0., http://crl3.digicert.com/digicertassuredidrootca.crl0:, http://crl4.digicert.com/digicerthighassuranceevrootca.crl0, http://cacerts.digicert.com/digicertsha2assuredidtimestampingca.crt0, http://ocsp.digicert.com0c, http://ocsp.digicert.com0a, http://ocsp.digicert.com0o, http://ocsp.digicert.com0n, http://crl3.digicert.com/digicertassuredidrootca.crl0p, http://ocsp.digicert.com0i, http://www.avast.com0/, http://cacerts.digicert.com/digicerthighassurancecodesigningca-1.crt0, http://ocsp.digicert.com0p, http://crl3.digicert.com/sha2-assured-ts.crl02, http://cacerts.digicert.com/digicertsha2assuredidcodesigningca.crt0, http://crl4.digicert.com/ha-cs-2011a.crl0l, http://crl4.digicert.com/sha2-assured-ts.crl0, http://crl4.digicert.com/digicertassuredidrootca.crl0, http://cacerts.digicert.com/digicertassuredidca-1.crt0, http://crl4.digicert.com/digicertassuredidrootca.crl0:, http://crl3.digicert.com/digicertassuredidrootca.crl0o, https://www.digicert.com/cps0, http://www.digicert.com/ssl-cps-repository.htm0, http://crl3.digicert.com/digicertassuredidca-1.crl08
hasAllowed: True
hasSuspicious: True

Files
Allowed: wUSER32.DLL, ADVAPI32.DLL, KERNEL32.DLL, mscoree.dll, SHELL32.dll, USER32.dll, COMCTL32.DLL, GDI32.dll, COMDLG32.dll
hasFiles: True
Suspicious: h*.db
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 4993024 (Suspicious: False)
Image Address: 133300224 (Suspicious: False)
Stack: 16384 (Suspicious: False)
Headers: 4096 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories Number: 16 (Suspicious: False)

Checksum
Value: 9430854
Suspicious: False

Sections
Allowed: .text, .itext, .data, .bss, .idata, .didata, .tls, .rdata, .reloc, .text1, .adata, .data1, .reloc1, .pdata, .rsrc
Suspicious: none
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 5 (Suspicious: False)
Image Version: True (Suspicious: 5)
Linker Version: 83.82 (Suspicious: False)
Subsystem Version: 5.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 3201870
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: advapi32.dll, kernel32.dll, mscoree.dll, shell32.dll, user32.dll, comctl32.dll, gdi32.dll, comdlg32.dll
hasLibs: True
Suspicious: wuser32.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2017-02-16 12:27:29
Future: False

Compilation
Packed: False
Missing: False
Packers: none
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: False
Tricks: none
AVclass
armadillo: 1
VirusTotal
md5: e7751452361989d3a6222538a3a87ccd
sha1: 5cb59243658f9f507186321ad8860efaa0aa813d
SCANS (DETECTION RATE = 55.56%)
(one row per engine; "-" in the result column means the engine reported no detection name)

engine | result | update | version | detected
AVG | FileRepMalware | 20190606 | 18.4.3895.0 | True
CMC | - | 20190321 | 1.1.0.977 | False
MAX | malware (ai score=87) | 20190608 | 2018.9.12.1 | True
APEX | - | 20190606 | 5.25 | False
Bkav | - | 20190607 | 1.3.0.10239 | False
K7GW | Trojan ( 005062071 ) | 20190608 | 11.48.31164 | True
ALYac | Trojan.GenericKD.40128808 | 20190607 | 1.1.1.5 | True
Avast | Win32:Evo-gen [Susp] | 20190606 | 18.4.3895.0 | True
Avira | - | 20190608 | 8.3.3.8 | False
Baidu | - | 20190318 | 1.0.0.2 | False
Cyren | - | 20190607 | 6.2.0.1 | False
DrWeb | - | 20190607 | 7.0.34.11020 | False
GData | Trojan.GenericKD.40128808 | 20190608 | A:25.22296B:25.15266 | True
Panda | Trj/GdSda.A | 20190607 | 4.6.4.2 | True
VBA32 | TrojanSpy.Banker | 20190607 | 4.0.0 | True
VIPRE | Trojan.Win32.Generic!BT | 20190607 | 75532 | True
Zoner | - | 20190608 | 1.0 | False
ClamAV | - | 20190607 | 0.101.2.0 | False
Comodo | - | 20190608 | 30987 | False
F-Prot | - | 20190608 | 4.7.1.166 | False
Ikarus | Trojan.Win32.Armadillo | 20190607 | 0.1.5.2 | True
McAfee | Artemis!E77514523619 | 20190607 | 6.0.6.653 | True
Rising | Trojan.Generic!8.C3 (CLOUD) | 20190608 | 25.0.0.24 | True
Sophos | Mal/Generic-S | 20190608 | 4.98.0 | True
Yandex | Trojan.Agent!LT75Ei2NXck | 20190607 | 5.5.2.24 | True
Zillya | Trojan.Banbra.Win32.26682 | 20190607 | 2.0.0.3828 | True
Acronis | - | 20190605 | 1.0.1.51 | False
Alibaba | - | 20190527 | 0.3.0.5 | False
Arcabit | Trojan.Generic.D2645128 | 20190608 | 1.0.0.846 | True
Babable | - | 20190424 | 9107201 | False
Cylance | Unsafe | 20190608 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20190522 | 3.0.12 | True
FireEye | Generic.mg.e7751452361989d3 | 20190607 | 29.7.0.0 | True
TACHYON | - | 20190607 | 2019-06-07.02 | False
Tencent | Win32.Trojan.Falsesign.Akor | 20190608 | 1.0.0.1 | True
ViRobot | - | 20190607 | 2014.3.20.0 | False
Webroot | - | 20190608 | 1.0.0.403 | False
eGambit | PE.Heur.InvalidSig | 20190608 | v4.3.6 | True
Ad-Aware | Trojan.GenericKD.40128808 | 20190607 | 3.0.5.370 | True
AegisLab | Trojan.Win32.Generic.4!c | 20190607 | 4.2 | True
Emsisoft | Trojan.GenericKD.40128808 (B) | 20190607 | 2018.4.0.1029 | True
F-Secure | - | 20190607 | 12.0.86.52 | False
Fortinet | Generik.NCQJJN!tr | 20190608 | 5.4.247.0 | True
Invincea | - | 20190525 | 6.3.6.26157 | False
Jiangmin | Trojan.Inject.ung | 20190529 | 16.0.100 | True
Kingsoft | - | 20190608 | 2013.8.14.323 | False
Paloalto | generic.ml | 20190608 | 1.0 | True
Symantec | ML.Attribute.HighConfidence | 20190607 | 1.9.0.0 | True
Trapmine | - | 20190522 | 3.1.62.789 | False
AhnLab-V3 | Malware/Win32.Generic.C1890258 | 20190607 | 3.15.2.24317 | True
Antiy-AVL | - | 20190607 | 3.0.0.1 | False
Kaspersky | HEUR:Trojan.Win32.Generic | 20190608 | 15.0.1.13 | True
Microsoft | TrojanSpy:Win32/Banker | 20190607 | 1.1.16000.6 | True
Qihoo-360 | Win32/RootKit.Rootkit.7e5 | 20190608 | 1.0.0.1120 | True
Trustlook | - | 20190608 | 1.0 | False
ZoneAlarm | HEUR:Trojan.Win32.Generic | 20190607 | 1.0 | True
Cybereason | malicious.236198 | 20190417 | 1.2.449 | True
ESET-NOD32 | a variant of Win32/Packed.Armadillo.ABG | 20190608 | 19488 | True
TrendMicro | - | 20190607 | 10.0.0.1040 | False
BitDefender | Trojan.GenericKD.40128808 | 20190607 | 7.2 | True
CrowdStrike | - | 20190212 | 1.0 | False
K7AntiVirus | Trojan ( 005062071 ) | 20190607 | 11.48.31164 | True
SentinelOne | - | 20190604 | 1.0.27.333 | False
Avast-Mobile | - | 20190606 | 190606-00 | False
Malwarebytes | - | 20190608 | 2.1.1.1115 | False
TotalDefense | - | 20190607 | 37.1.62.1 | False
CAT-QuickHeal | - | 20190606 | 14.00 | False
NANO-Antivirus | Trojan.Win32.Zusy.erzcpc | 20190608 | 1.0.134.24826 | True
MicroWorld-eScan | Trojan.GenericKD.40128808 | 20190608 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20190604 | 5.6.0.1032 | False
McAfee-GW-Edition | Artemis!Trojan | 20190607 | v2017.3010 | True
TrendMicro-HouseCall | - | 20190607 | 10.0.0.1040 | False

total: 72
sha256: fe1b98ea6fc32a799ee3b6ce50212f6105f14f54b91ed2be475d62633e889665
scan_id: fe1b98ea6fc32a799ee3b6ce50212f6105f14f54b91ed2be475d62633e889665-1559954000
resource: e7751452361989d3a6222538a3a87ccd
positives: 40
scan_date: 2019-06-08 00:33:20
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace (each line runs together five fields: date - time, operation [Open/Read/Write/Unknown], PID, process image, target path)
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
17/2/2020 - 12:45:44.215Unknown2308C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\CRYPTSP.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.215Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.231Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.231Open2308C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
17/2/2020 - 12:45:44.231Open2308C:\malware.exeC:\RpcRtRemote.dll
17/2/2020 - 12:45:44.231Open2308C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
17/2/2020 - 12:45:44.231Unknown2308C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
17/2/2020 - 12:45:44.231Open2308C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
17/2/2020 - 12:45:44.231Unknown2308C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
17/2/2020 - 12:45:44.450Open2308C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
17/2/2020 - 12:45:44.450Open2308C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
17/2/2020 - 12:45:44.450Open2308C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
17/2/2020 - 12:45:44.450Open2308C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
17/2/2020 - 12:45:44.465Open2308C:\malware.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
17/2/2020 - 12:45:44.465Open2308C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
17/2/2020 - 12:45:44.465Open2308C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
17/2/2020 - 12:45:46.12Open2308C:\malware.exeC:\malware.INI
17/2/2020 - 12:45:46.12Open2308C:\malware.exeC:\malware.INI
17/2/2020 - 12:45:46.12Open2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.418Read2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.418Read2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.418Read2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.481Read2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.497Open2308C:\malware.exeC:\
17/2/2020 - 12:45:46.497Unknown2308C:\malware.exeC:\
17/2/2020 - 12:45:46.497Open2308C:\malware.exeC:\inetmib1.dll
17/2/2020 - 12:45:46.497Open2308C:\malware.exeC:\Windows\SysWOW64\inetmib1.dll
17/2/2020 - 12:45:46.543Open2308C:\malware.exeC:\Windows\SysWOW64\inetmib1.dll
17/2/2020 - 12:45:46.731Open2308C:\malware.exeC:\IPHLPAPI.DLL
17/2/2020 - 12:45:46.731Open2308C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
17/2/2020 - 12:45:46.731Open2308C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
17/2/2020 - 12:45:46.731Open2308C:\malware.exeC:\WINNSI.DLL
17/2/2020 - 12:45:46.731Open2308C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
17/2/2020 - 12:45:46.731Open2308C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
17/2/2020 - 12:45:46.731Open2308C:\malware.exeC:\snmpapi.dll
17/2/2020 - 12:45:46.731Open2308C:\malware.exeC:\Windows\SysWOW64\snmpapi.dll
17/2/2020 - 12:45:46.731Open2308C:\malware.exeC:\Windows\SysWOW64\snmpapi.dll
17/2/2020 - 12:45:47.12Open2308C:\malware.exeC:\ProgramData
17/2/2020 - 12:45:47.12Open2308C:\malware.exeC:\ProgramData
17/2/2020 - 12:45:47.12Unknown2308C:\malware.exeC:\ProgramData
17/2/2020 - 12:45:47.12Open2308C:\malware.exeC:\ProgramData\TEMP
17/2/2020 - 12:45:47.12Open2308C:\malware.exeC:\ProgramData\TEMP
17/2/2020 - 12:45:47.12Unknown2308C:\malware.exeC:\ProgramData\TEMP
17/2/2020 - 12:45:47.12Open2308C:\malware.exeC:\ProgramData\TEMP\RAIDTest
17/2/2020 - 12:45:47.12Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.12Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.59Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.106Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.153Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.200Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.247Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.293Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.340Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.528Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.575Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.622Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.668Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.715Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.762Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.809Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.856Open2308C:\malware.exe\Device\HarddiskVolume2
17/2/2020 - 12:45:47.903Open2308C:\malware.exeC:\ProgramData\TEMP
17/2/2020 - 12:45:47.903Unknown2308C:\malware.exeC:\ProgramData\TEMP
17/2/2020 - 12:45:47.903Open2308C:\malware.exeC:\ProgramData\TEMP\RAIDTest
17/2/2020 - 12:45:47.903Write2308C:\malware.exeC:\ProgramData\TEMP\RAIDTest
17/2/2020 - 12:45:47.918Open2308C:\malware.exeC:\malware.INI
17/2/2020 - 12:45:47.997Open2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:47.997Open2308C:\malware.exeC:\Windows
17/2/2020 - 12:45:47.997Unknown2308C:\malware.exeC:\Windows
17/2/2020 - 12:45:47.997Open2308C:\malware.exeC:\
17/2/2020 - 12:45:47.997Unknown2308C:\malware.exeC:\
17/2/2020 - 12:45:47.997Open2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:47.997Unknown2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:47.997Open2308C:\malware.exeC:\Windows
17/2/2020 - 12:45:47.997Unknown2308C:\malware.exeC:\Windows
17/2/2020 - 12:45:47.997Open2308C:\malware.exeC:\Windows\SysWOW64
17/2/2020 - 12:45:47.997Unknown2308C:\malware.exeC:\Windows\SysWOW64
17/2/2020 - 12:45:47.997Open2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
17/2/2020 - 12:45:47.997Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
17/2/2020 - 12:45:48.12Open2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\BB23663D05BDA7A0.TMP
17/2/2020 - 12:45:48.12Open2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.59Write2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.59Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.59Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.59Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.59Open2308C:\malware.exeC:\malware.INI
17/2/2020 - 12:45:48.59Open2308C:\malware.exeC:\malware.INI
17/2/2020 - 12:45:48.59Open2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\BB23663D.RRef
17/2/2020 - 12:45:48.59Open2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.59Write2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.59Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.59Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.59Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.59Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.59Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:48.559Open2308C:\malware.exeC:\msimg32.dll
17/2/2020 - 12:45:48.559Open2308C:\malware.exeC:\Windows\SysWOW64\msimg32.dll
17/2/2020 - 12:45:48.559Open2308C:\malware.exeC:\Windows\SysWOW64\msimg32.dll
17/2/2020 - 12:45:48.559Open2308C:\malware.exeC:\SHFolder.dll
17/2/2020 - 12:45:48.559Open2308C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
17/2/2020 - 12:45:48.559Open2308C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
17/2/2020 - 12:45:48.950Open2308C:\malware.exeC:\winspool.drv
17/2/2020 - 12:45:48.950Open2308C:\malware.exeC:\Windows\SysWOW64\winspool.drv
17/2/2020 - 12:45:48.950Open2308C:\malware.exeC:\Windows\SysWOW64\winspool.drv
17/2/2020 - 12:45:49.418Open2308C:\malware.exeC:\wsock32.dll
17/2/2020 - 12:45:49.418Open2308C:\malware.exeC:\Windows\SysWOW64\wsock32.dll
17/2/2020 - 12:45:49.418Open2308C:\malware.exeC:\Windows\SysWOW64\wsock32.dll
17/2/2020 - 12:45:49.653Open2308C:\malware.exeC:\winmm.dll
17/2/2020 - 12:45:49.653Open2308C:\malware.exeC:\Windows\SysWOW64\winmm.dll
17/2/2020 - 12:45:49.653Open2308C:\malware.exeC:\Windows\SysWOW64\winmm.dll
17/2/2020 - 12:45:49.668Open2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:49.668Unknown2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:49.668Open2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:49.668Write2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:49.668Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:49.668Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:49.668Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:49.668Unknown2308C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:45:49.668Open2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Unknown2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Open2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Unknown2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Open2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Unknown2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Open2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Unknown2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Open2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Unknown2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Open2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Unknown2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:49.668Open2308C:\malware.exeC:\Windows\SysWOW64\tzres.dll
17/2/2020 - 12:45:49.668Open2308C:\malware.exeC:\Windows\SysWOW64\tzres.dll
17/2/2020 - 12:45:49.684Open2308C:\malware.exeC:\Windows\SysWOW64\tzres.dll
17/2/2020 - 12:45:49.684Open2308C:\malware.exeC:\Windows\SysWOW64\tzres.dll
17/2/2020 - 12:45:49.684Open2308C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
17/2/2020 - 12:45:49.684Open2308C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
17/2/2020 - 12:45:49.731Open2308C:\malware.exeC:\dwmapi.dll
17/2/2020 - 12:45:49.731Open2308C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
17/2/2020 - 12:45:49.731Open2308C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
17/2/2020 - 12:45:49.731Open2308C:\malware.exeC:\wtsapi32.dll
17/2/2020 - 12:45:49.731Open2308C:\malware.exeC:\Windows\SysWOW64\wtsapi32.dll
17/2/2020 - 12:45:49.731Open2308C:\malware.exeC:\Windows\SysWOW64\wtsapi32.dll
17/2/2020 - 12:45:49.731Open2308C:\malware.exeC:\WINSTA.dll
17/2/2020 - 12:45:49.731Open2308C:\malware.exeC:\Windows\SysWOW64\winsta.dll
17/2/2020 - 12:45:49.731Open2308C:\malware.exeC:\Windows\SysWOW64\winsta.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\Fonts\StaticCache.dat
17/2/2020 - 12:45:49.778Read2308C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\kernel.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\SysWOW64\kernel.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\system\kernel.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\kernel.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Monitor\kernel.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\SysWOW64\kernel.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\kernel.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\SysWOW64\wbem\kernel.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\kernel.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\security.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\SysWOW64\security.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\SysWOW64\security.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\SECUR32.DLL
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\SysWOW64\secur32.dll
17/2/2020 - 12:45:49.778Open2308C:\malware.exeC:\Windows\SysWOW64\secur32.dll
17/2/2020 - 12:45:49.793Open2308C:\malware.exeC:\malware.exe.Local
17/2/2020 - 12:45:49.793Open2308C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
17/2/2020 - 12:45:49.795Unknown2308C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
17/2/2020 - 12:45:49.796Open2308C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
17/2/2020 - 12:45:49.796Open2308C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui
17/2/2020 - 12:45:49.797Read2308C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.muicomctl32.dll.mui
17/2/2020 - 12:45:49.798Open2308C:\malware.exeC:\Windows\Fonts\sserife.fon
17/2/2020 - 12:45:49.802Open2308C:\malware.exeC:\Fwpuclnt.dll
17/2/2020 - 12:45:49.802Open2308C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
17/2/2020 - 12:45:49.803Open2308C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
17/2/2020 - 12:45:49.807Open2308C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll.Config
17/2/2020 - 12:45:49.807Open2308C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
17/2/2020 - 12:45:49.808Open2308C:\malware.exeC:\malware.exe.Local
17/2/2020 - 12:45:49.808Open2308C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
17/2/2020 - 12:45:49.809Unknown2308C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
17/2/2020 - 12:45:49.809Open2308C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
17/2/2020 - 12:45:49.809Open2308C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
17/2/2020 - 12:45:49.810 | Open | 2308 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
17/2/2020 - 12:45:49.811 | Open | 2308 | C:\malware.exe | C:\Windows\WindowsShell.Manifest
17/2/2020 - 12:45:49.812 | Unknown | 2308 | C:\malware.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
17/2/2020 - 12:45:49.816 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local
17/2/2020 - 12:45:49.816 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local
17/2/2020 - 12:45:49.817 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\User Data\Local State
17/2/2020 - 12:45:49.817 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
17/2/2020 - 12:45:49.854 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Aplicativo Itau\itauaplicativo.exe
17/2/2020 - 12:45:49.854 | Open | 2308 | C:\malware.exe | C:\Program Files\AppBrad\AplicativoBradesco.exe
17/2/2020 - 12:45:49.854 | Open | 2308 | C:\malware.exe | C:\Program Files (x86)\AppBrad\AplicativoBradesco.exe
17/2/2020 - 12:45:49.855 | Open | 2308 | C:\malware.exe | C:\Program Files\Diebold\Warsaw\core.exe
17/2/2020 - 12:45:49.855 | Open | 2308 | C:\malware.exe | C:\Program Files (x86)\GbPlugin\GbpSv.exe
17/2/2020 - 12:45:49.856 | Open | 2308 | C:\malware.exe | C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
17/2/2020 - 12:45:49.857 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.dll
17/2/2020 - 12:45:49.858 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.dll
17/2/2020 - 12:45:50.58 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemcomn.dll
17/2/2020 - 12:45:50.58 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbemcomn.dll
17/2/2020 - 12:45:50.59 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbemcomn.dll
17/2/2020 - 12:45:50.94 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\Logs
17/2/2020 - 12:45:50.94 | Unknown | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\Logs
17/2/2020 - 12:45:50.128 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\advapi32.dll
17/2/2020 - 12:45:50.128 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\advapi32.dll
17/2/2020 - 12:45:50.131 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemprox.dll
17/2/2020 - 12:45:50.131 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemprox.dll
17/2/2020 - 12:45:50.167 | Open | 2308 | C:\malware.exe | C:\SXS.DLL
17/2/2020 - 12:45:50.167 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
17/2/2020 - 12:45:50.168 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
17/2/2020 - 12:45:50.169 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.204 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.204 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.205 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.205 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.205 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.206 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.206 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.206 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.207 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.207 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.207 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.208 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.208 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.208 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.208 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.208 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:50.210 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wmiutils.dll
17/2/2020 - 12:45:50.210 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wmiutils.dll
17/2/2020 - 12:45:50.216 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
17/2/2020 - 12:45:50.217 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
17/2/2020 - 12:45:50.218 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\NapiNSP.dll
17/2/2020 - 12:45:50.219 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\NapiNSP.dll
17/2/2020 - 12:45:50.224 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\pnrpnsp.dll
17/2/2020 - 12:45:50.225 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\pnrpnsp.dll
17/2/2020 - 12:45:50.230 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
17/2/2020 - 12:45:50.231 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
17/2/2020 - 12:45:50.232 | Open | 2308 | C:\malware.exe | C:\DNSAPI.dll
17/2/2020 - 12:45:50.233 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
17/2/2020 - 12:45:50.233 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
17/2/2020 - 12:45:50.235 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\winrnr.dll
17/2/2020 - 12:45:50.235 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\winrnr.dll
17/2/2020 - 12:45:50.340 | Open | 2308 | C:\malware.exe | C:\rasadhlp.dll
17/2/2020 - 12:45:50.341 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
17/2/2020 - 12:45:50.341 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
17/2/2020 - 12:45:50.476 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemsvc.dll
17/2/2020 - 12:45:50.477 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemsvc.dll
17/2/2020 - 12:45:50.610 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\fastprox.dll
17/2/2020 - 12:45:50.611 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\fastprox.dll
17/2/2020 - 12:45:50.612 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\NTDSAPI.dll
17/2/2020 - 12:45:50.612 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\ntdsapi.dll
17/2/2020 - 12:45:50.613 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\ntdsapi.dll
17/2/2020 - 12:45:50.818 | Read | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
17/2/2020 - 12:45:51.291 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
17/2/2020 - 12:45:51.291 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
17/2/2020 - 12:45:51.813 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
17/2/2020 - 12:45:51.814 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
17/2/2020 - 12:45:51.830 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\tahomabd.ttf
17/2/2020 - 12:45:51.831 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\tahomabd.ttf
17/2/2020 - 12:45:51.833 | Read | 2308 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
17/2/2020 - 12:45:51.834 | Read | 2308 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
17/2/2020 - 12:45:51.862 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\wingding.ttf
17/2/2020 - 12:45:51.870 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\wingding.ttf
17/2/2020 - 12:45:51.871 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\symbol.ttf
17/2/2020 - 12:45:51.872 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\symbol.ttf
17/2/2020 - 12:45:51.875 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\arialbd.ttf
17/2/2020 - 12:45:51.875 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\arialbd.ttf
17/2/2020 - 12:45:51.876 | Read | 2308 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
17/2/2020 - 12:45:52.214 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\verdana.ttf
17/2/2020 - 12:45:52.282 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\verdana.ttf
17/2/2020 - 12:45:52.316 | Read | 2308 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
17/2/2020 - 12:45:52.349 | Read | 2308 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
17/2/2020 - 12:45:53.760 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\icone.cur
17/2/2020 - 12:45:53.761 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.761 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.761 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.762 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.762 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.762 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.763 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.763 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.764 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.764 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.764 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.765 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.765 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.765 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.766 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.766 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.767 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.767 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.767 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.768 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.768 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.769 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.769 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.769 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.770 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.770 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.771 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.771 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.771 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.772 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.772 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.773 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.773 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.773 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.773 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.774 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.775 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.775 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.775 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.775 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.776 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.777 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.777 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.777 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.777 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.778 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.779 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.779 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.779 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.779 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.780 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.781 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.781 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.781 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.781 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.781 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.819 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.819 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.820 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.820 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.820 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:45:53.821 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.821 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
17/2/2020 - 12:45:53.822 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
17/2/2020 - 12:45:53.822 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
17/2/2020 - 12:45:53.822 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
17/2/2020 - 12:46:3.648 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:3.649 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:3.649 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:3.649 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:3.649 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:3.649 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:18.665 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:18.666 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:18.666 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:18.666 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:18.666 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:18.666 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:33.673 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:33.674 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:33.674 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:33.674 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:33.674 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:33.674 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:49.666 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:49.666 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:49.666 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:49.666 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:49.667 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:46:49.667 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:5.659 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:5.660 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:5.660 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:5.660 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:5.660 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:5.660 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:20.720 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:20.720 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:20.720 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:20.720 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:20.720 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:20.721 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:36.642 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:36.642 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:36.643 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:36.643 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:36.643 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:36.643 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:52.659 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:52.660 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:52.660 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:52.660 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:52.660 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:47:52.660 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:8.649 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:8.650 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:8.650 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:8.650 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:8.650 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:8.650 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:23.674 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:23.675 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:23.675 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:23.675 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:23.675 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:23.675 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:39.658 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:39.659 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:39.659 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:39.659 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:39.659 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:39.659 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:55.651 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:55.652 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:55.652 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:55.652 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:55.652 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:48:55.652 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:10.716 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:10.717 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:10.717 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:10.717 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:10.717 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:10.717 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:26.650 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:26.650 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:26.651 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:26.651 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:26.651 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:26.651 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:42.651 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:42.652 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:42.652 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:42.652 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:42.652 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP
17/2/2020 - 12:49:42.652 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\70292FAA.TMP

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
17/2/2020 - 12:45:47.12 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters | TrapPollTimeMilliSecs
17/2/2020 - 12:45:47.903 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {K7C0DB872A3F777C0}
17/2/2020 - 12:45:47.903 | Delete | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43E0EE73-1BE6-41A3-3A0B-23872362520E}0
17/2/2020 - 12:45:47.903 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43E0EE73-1BE6-41A3-3A0B-23872362520E}
17/2/2020 - 12:45:47.903 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43E0EE73-1BE6-41A3-3A0B-23872362520E}\InprocServer32
17/2/2020 - 12:45:47.903 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43E0EE73-1BE6-41A3-3A0B-23872362520E}\InprocServer32 | ThreadingModel
17/2/2020 - 12:45:47.903 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43E0EE73-1BE6-41A3-3A0B-23872362520E}\MiscStatus
17/2/2020 - 12:45:47.903 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43E0EE73-1BE6-41A3-3A0B-23872362520E}\MiscStatus\1
17/2/2020 - 12:45:47.903 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43E0EE73-1BE6-41A3-3A0B-23872362520E}\ProgID
17/2/2020 - 12:45:47.903 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43E0EE73-1BE6-41A3-3A0B-23872362520E}\ToolboxBitmap32
17/2/2020 - 12:45:47.918 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43E0EE73-1BE6-41A3-3A0B-23872362520E}\TypeLib
17/2/2020 - 12:45:47.918 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43E0EE73-1BE6-41A3-3A0B-23872362520E}\Version
17/2/2020 - 12:45:47.918 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43E0EE73-1BE6-41A3-3A0B-23872362520E}\VersionIndependentProgID
17/2/2020 - 12:45:48.12 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:45:48.59 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:45:49.668 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:45:49.853 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | malware.exe
17/2/2020 - 12:46:3.648 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:46:18.665 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:46:33.673 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:46:49.666 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:47:5.659 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:47:20.719 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:47:36.642 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:47:52.659 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:48:8.649 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:48:23.674 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:48:39.658 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:48:55.651 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:49:10.716 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:49:26.650 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}
17/2/2020 - 12:49:42.651 | Write | 2308 | C:\malware.exe | HKCU\Software\Licenses | {IBB23663D05BDA7A0}

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: False

DNS
Query
localhost -> gateway:50273 | fantas-001-site1.btempurl.com.
localhost -> gateway:DNS | fantas-001-site1.btempurl.com.

Response

TCP
Info

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS
True

TCP
False

UDP
True

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 77.95%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 96.07%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 70.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 38.64%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
