Report #6347

  • Creation Date: Feb. 17, 2020, 12:54 p.m.
  • Last Update: Feb. 17, 2020, 1:29 p.m.
  • File: dmadmin.exe
  • Results:
Binary
DLL: False
Size: 222.00KB
trid:
  41.0% Win32 Executable MS Visual C++
  36.3% Win64 Executable
  8.6% Win32 Dynamic Link Library
  5.9% Win32 Executable
  2.6% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI

Hashes
md5: 956daf8fc11590a30734289d8f8f9597
sha1: d1591e283326bfce0f486f01973c72d2a9797fba
crc32: 0x6f23c91e
sha224: 012d9bfabe7336931fb6f827e0f8130e510987881b7a4c47d66c2865
sha256: 3c34a9f779015e7e4f0e432482c318cca2edc5b22c4322b0188c315ce65a4b60
sha384: 021e86d0da9bffb4e885329c613ef1b1c079f216bd67d594cfed470defff5647e4b563fdc9e3589d5c689743d34dee67
sha512: d03fd2abaf80ac444f7c3c63eac34d5a652bd6885bfba4fc52d8cc2dee89131ad25bfb6d52301f15f22f789e1386a554f0ec1a6d7b87c2e309d4de5a3f560b84
ssdeep: 6144:eLmSi2xLwgxgv/srWpAVs5uPD6h9FrecsnJ:QxLVssCpn5K6hvkJ

Community
Google: False
HashLib: False

YARA
Matches: maldoc_getEIP_method_1, domain, contentis_base64, VM_Generic_Detection, Dropper_Strings, HasRichSignature, win_files_operation, win_registry, HasDebugData, win_token, IsPE32, IsWindowsGUI

Suspicious: True

Strings
HtAHt.Ht
dmadmin.pdb
\\.\MountPointManager
\Device\%s%c
\Device\CdRom%d
System\%s
\Device\Harddisk%d
\pipe\dmserver.pnp.dmadmin
boot.ini
dmadmin.exe
\Device\Harddisk%d\Partition%d
\Device\Harddisk%lu\Partition%lu
SYSTEM\Setup
%c:\SYSTEM
gicos encontrou uma falha ao atualizar boot.ini (x86) ou NVRAM (IA64). S
OSUNINST.dll
CLUSAPI.dll
CLUSAPI.dll
OSUNINST.dll
dmutil.dll
dmutil.dll
ntdll.dll
fmifs.dll
\Device\HarddiskDmVolumes\%S\%S
System\CurrentControlSet\Services\Dmserver\Parameters
\\.\FtControl
\\.\FtControl
SOFTWARE\Microsoft\Logical Disk Manager
Software\Microsoft\Logical Disk Manager
SYSTEM\CurrentControlSet\Services\dmboot
sSoftware\Microsoft\Logical Disk Manager
System\CurrentControlSet\Services\dmadmin\Parameters
Hardware\Description\System\EisaAdapter
Hardware\Description\System\MultiFunctionAdapter
signature(%08lx)
\Device\DmLoader
\Device\%S
\Device\
%s\Partition1\
\DosDevices\%s
%s\Partition1
%s\Partition0
%s\partition%u
%s\Partition%d
Drive: %c:\, Device:
Falha ao carregar DmConfig.dll. Erro: %1
%S, %ld
System\CurrentControlSet\Services\dmio\Encapsulation Info
System\CurrentControlSet\Services\dmload\EncapsulationPending
SYSTEM\CurrentControlSet\Services\dmio
rSYSTEM\CurrentControlSet\Control\MiniNT
SYSTEM\CurrentControlSet\Services\dmio\Partition Info
System\CurrentControlSet\Control\ProductOptions
SeBackupPrivilege
DMVOLUMES\
%c%cmulti(0)disk(0)rdisk(%ld)partition(%ld)
\??\Volume{
="Boot Mirror
o DmAdmin:
0\DiskPeripheral\%ld
-= XOR 2009 Valhalla =- Assembled 1997 .. Activated 07.2002 - devoted for peace and harmony in universe against war, racism, terrorism and cruel brutality .. remember .. life is the most important thing - not money .. it's time for a revolution NOW ....
GetProcAddress
DebugTraceFile
ProductType
EncapBootFile
Identifier
CreateEventW
signature(%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x)
DebugTrace
PSSh
PSSh
PSSh
PSSh
FormatVolume
OpenProcessToken
TerminateProcess
DeviceIoControl
ntserver
lanmannt
servernt
LoadLibraryA
FreeLibrary
GetModuleHandleA
CreateFileA
TerminateThread
ResumeThread
GetModuleHandleW
CreateFileW
FindFirstFileW
RegDeleteKeyW
LoadLibraryW
RegDeleteKeyA
QueryPerformanceCounter
RegQueryValueExA
RegOpenKeyA
RegQueryValueExW
RegOpenKeyExW
SetServiceStatus
RegSetValueExW
RegCreateKeyExW

Foremost
Matches: 0.exe, 222 KB
Suspicious: True
Heuristics

IPs
hasIPs: False
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
hasAllowed: False
hasSuspicious: False

Files
Allowed: fmifs.dll, oNETAPI32.DLL, ADVAPI32.dll, OSUNINST.dll, ole32.dll, USER32.dll, SETUPAPI.dll, RPCRT4.dll, dmutil.dll, msvcrt.dll, ntdll.dll, CLUSAPI.dll, KERNEL32.dll
hasFiles: True
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 19456 (Suspicious: False)
Image Address: 16777216 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)

Directories
Number: 16 (Suspicious: False)

Checksum
Value: 230867 (Suspicious: False)

Sections
Allowed: .text, .data, .rsrc, xor
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 5 (Suspicious: False)
Image Version: 5 (Suspicious: False)
Linker Version: 7.10 (Suspicious: False)
Subsystem Version: 4.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 229376 (Suspicious: False)

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: fmifs.dll, advapi32.dll, osuninst.dll, ole32.dll, user32.dll, setupapi.dll, rpcrt4.dll, dmutil.dll, msvcrt.dll, ntdll.dll, clusapi.dll, kernel32.dll
Suspicious: onetapi32.dll
hasLibs: True
hasAllowed: True
hasSuspicious: True

Timestamp
Value: 2008-04-13 15:44:48
Valid: True
Past: False
Future: False

Compilation
Packed: False
Packers:
Compiled: False
Compilers:
Missing: True

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: False
Tricks:

AVclass: xorala (1)
VirusTotal
md5: 956daf8fc11590a30734289d8f8f9597
sha1: d1591e283326bfce0f486f01973c72d2a9797fba
SCANS (DETECTION RATE = 89.71%)
Engine | Result | Update | Version | Detected
AVG | Win32:Valla | 20180216 | 18.1.3800.0 | True
CMC | Virus.Win32!O | 20180216 | 1.1.0.977 | True
MAX | malware (ai score=83) | 20180216 | 2017.11.15.1 | True
Bkav | W32.Valla | 20180212 | 1.3.0.9466 | True
K7GW | Virus ( 0008d6e31 ) | 20180216 | 10.40.26234 | True
ALYac | Win32.Valhalla.2048 | 20180216 | 1.1.1.5 | True
Avast | Win32:Valla | 20180216 | 18.1.3800.0 | True
Avira | W32/Xorala.b | 20180216 | 8.3.3.6 | True
Baidu | Win32.Virus.Xorala.a | 20180208 | 1.0.0.2 | True
Cyren | W32/Harmony.A | 20180216 | 5.4.30.7 | True
DrWeb | Win32.Valhala.2048 | 20180216 | 7.0.28.2020 | True
GData | Win32.Virus.Xorala.A | 20180216 | A:25.16051B:25.11598 | True
Panda | W32/Valla.2048 | 20180216 | 4.6.4.2 | True
VBA32 | Win32.Xoralda.2048 | 20180216 | 3.12.28.0 | True
VIPRE | Virus.Win32.Valla.a (v) | 20180216 | 64642 | True
Zoner | Win32.Xorala.A | 20180216 | 1.0 | True
AVware | Virus.Win32.Valla.a (v) | 20180216 | 1.5.0.42 | True
ClamAV | Win.Trojan.Xorala-1 | 20180216 | 0.99.2.0 | True
Comodo | - | 20180216 | - | False
F-Prot | W32/Harmony.A | 20180216 | 4.7.1.166 | True
Ikarus | Win32.Xorala | 20180216 | 0.1.5.2 | True
McAfee | W32/Valla.a | 20180216 | 6.0.6.653 | True
Rising | Win32.Xorala.a (CLASSIC) | 20180216 | 25.0.0.1 | True
Sophos | W32/Rox-A | 20180216 | 4.98.0 | True
Yandex | Win32.Xorala | 20180216 | 5.5.1.3 | True
Zillya | Virus.Xorala.Win32.1 | 20180216 | 2.0.0.3493 | True
Arcabit | Win32.Valhalla.2048 | 20180216 | 1.0.0.830 | True
Cylance | Unsafe | 20180216 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20180216 | 1.2.1 | True
Tencent | Virus.Win32.Valla.a | 20180216 | 1.0.0.1 | True
ViRobot | Win32.Valla.2048 | 20180216 | 2014.3.20.0 | True
Webroot | - | 20180216 | 1.0.0.207 | False
eGambit | - | 20180216 | v4.3.4 | False
Ad-Aware | Win32.Valhalla.2048 | 20180216 | 3.0.3.1010 | True
AegisLab | W32.W.Runouce.l4QL | 20180216 | 4.2 | True
Emsisoft | Win32.Valhalla.2048 (B) | 20180216 | 4.0.2.899 | True
F-Secure | Win32.Valhalla.2048 | 20180216 | 11.0.19100.45 | True
Fortinet | W32/Valla.2048 | 20180216 | 5.4.247.0 | True
Invincea | heuristic | 20180121 | 6.3.4.26036 | True
Jiangmin | Hacktool/VB.ASPX.a | 20180216 | 16.0.100 | True
Kingsoft | Win32.Xorala.2048 | 20180216 | 2013.8.14.323 | True
Paloalto | - | 20180216 | 1.0 | False
Symantec | W32.Valla.2048 | 20180216 | 1.5.0.0 | True
nProtect | Virus/W32.Valla | 20180216 | 2018-02-16.02 | True
AhnLab-V3 | Win32/Valla.2048 | 20180216 | 3.11.3.19504 | True
Antiy-AVL | Virus/Win32.Xorala.b | 20180216 | 3.0.0.1 | True
Kaspersky | Virus.Win32.Xorala | 20180216 | 15.0.1.13 | True
Microsoft | Virus:Win32/Valla.2048 | 20180216 | 1.1.14500.5 | True
Qihoo-360 | Virus.Win32.Agent.A | 20180216 | 1.0.0.1120 | True
TheHacker | W32/Valla.a | 20180216 | 6.8.0.5.2415 | True
ZoneAlarm | Virus.Win32.Xorala | 20180216 | 1.0 | True
Cybereason | malicious.fc1159 | 20180205 | 1.2.27 | True
ESET-NOD32 | Win32/Xorala.A | 20180216 | 16915 | True
TrendMicro | PE_VALLA.A | 20180216 | 9.862.0.1074 | True
WhiteArmor | - | 20180205 | - | False
BitDefender | Win32.Valhalla.2048 | 20180216 | 7.2 | True
CrowdStrike | malicious_confidence_100% (W) | 20170201 | 1.0 | True
K7AntiVirus | Virus ( 0008d6e31 ) | 20180216 | 10.40.26238 | True
SentinelOne | static engine - malicious | 20180115 | 1.0.12.202 | True
Avast-Mobile | - | 20180216 | 180216-04 | False
Malwarebytes | Virus.Valhalla | 20180216 | 2.1.1.1115 | True
TotalDefense | Win32/Valla.2048 | 20180216 | 37.1.62.1 | True
CAT-QuickHeal | W32.Xorala | 20180216 | 14.00 | True
NANO-Antivirus | Virus.Win32.Xorala.cbehdj | 20180216 | 1.0.100.21498 | True
MicroWorld-eScan | Win32.Valhalla.2048 | 20180216 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20180216 | 5.6.0.1032 | False
McAfee-GW-Edition | BehavesLike.Win32.Valla.dh | 20180216 | v2015 | True
TrendMicro-HouseCall | PE_VALLA.A | 20180216 | 9.950.0.1006 | True
total: 68
sha256: 3c34a9f779015e7e4f0e432482c318cca2edc5b22c4322b0188c315ce65a4b60
scan_id: 3c34a9f779015e7e4f0e432482c318cca2edc5b22c4322b0188c315ce65a4b60-1518800569
resource: 956daf8fc11590a30734289d8f8f9597
positives: 61
scan_date: 2018-02-16 17:02:49
verbose_msg: Scan finished, information embedded
response_code: 1
File Trace
17/2/2020 - 12:45:46.28Unknown2308C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesRemote.exeSystemPropertiesRemote.exe
17/2/2020 - 12:45:46.28Open2308C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesRemote.exe
17/2/2020 - 12:45:46.28Open2308C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesRemote.exe
17/2/2020 - 12:45:46.28Open2308C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesRemote.exe
17/2/2020 - 12:45:46.28Open2308C:\malware.exeC:\Windows\SysWOW64\TapiUnattend.exe
17/2/2020 - 12:45:46.75Unknown2308C:\malware.exeC:\Windows\SysWOW64\TapiUnattend.exeTapiUnattend.exe
17/2/2020 - 12:45:46.75Open2308C:\malware.exeC:\Windows\SysWOW64\TapiUnattend.exe
17/2/2020 - 12:45:46.75Open2308C:\malware.exeC:\Windows\SysWOW64\TapiUnattend.exe
17/2/2020 - 12:45:46.75Open2308C:\malware.exeC:\Windows\SysWOW64\TapiUnattend.exe
17/2/2020 - 12:45:46.75Open2308C:\malware.exeC:\Windows\SysWOW64\tcmsetup.exe
17/2/2020 - 12:45:46.75Open2308C:\malware.exeC:\Windows\SysWOW64\tcmsetup.exe
17/2/2020 - 12:45:46.75Open2308C:\malware.exeC:\Windows\SysWOW64\tcmsetup.exe
17/2/2020 - 12:45:46.75Open2308C:\malware.exeC:\Windows\SysWOW64\tcmsetup.exe
17/2/2020 - 12:45:46.75Open2308C:\malware.exeC:\Windows\SysWOW64\timeout.exe
17/2/2020 - 12:45:46.122Open2308C:\malware.exeC:\Windows\SysWOW64\timeout.exe
17/2/2020 - 12:45:46.122Open2308C:\malware.exeC:\Windows\SysWOW64\timeout.exe
17/2/2020 - 12:45:46.122Open2308C:\malware.exeC:\Windows\SysWOW64\timeout.exe
17/2/2020 - 12:45:46.122Open2308C:\malware.exeC:\Windows\SysWOW64\tracerpt.exe
17/2/2020 - 12:45:46.168Open2308C:\malware.exeC:\Windows\SysWOW64\tracerpt.exe
17/2/2020 - 12:45:46.168Open2308C:\malware.exeC:\Windows\SysWOW64\tracerpt.exe
17/2/2020 - 12:45:46.168Open2308C:\malware.exeC:\Windows\SysWOW64\tracerpt.exe
17/2/2020 - 12:45:46.168Open2308C:\malware.exeC:\Windows\SysWOW64\TRACERT.EXE
17/2/2020 - 12:45:46.168Open2308C:\malware.exeC:\Windows\SysWOW64\TRACERT.EXE
17/2/2020 - 12:45:46.168Open2308C:\malware.exeC:\Windows\SysWOW64\TRACERT.EXE
17/2/2020 - 12:45:46.168Open2308C:\malware.exeC:\Windows\SysWOW64\TRACERT.EXE
17/2/2020 - 12:45:46.168Open2308C:\malware.exeC:\Windows\SysWOW64\TSTheme.exe
17/2/2020 - 12:45:46.215Open2308C:\malware.exeC:\Windows\SysWOW64\TSTheme.exe
17/2/2020 - 12:45:46.215Open2308C:\malware.exeC:\Windows\SysWOW64\TSTheme.exe
17/2/2020 - 12:45:46.215Open2308C:\malware.exeC:\Windows\SysWOW64\TSTheme.exe
17/2/2020 - 12:45:46.215Open2308C:\malware.exeC:\Windows\SysWOW64\TsWpfWrp.exe
17/2/2020 - 12:45:46.262Open2308C:\malware.exeC:\Windows\SysWOW64\TsWpfWrp.exe
17/2/2020 - 12:45:46.262Open2308C:\malware.exeC:\Windows\SysWOW64\TsWpfWrp.exe
17/2/2020 - 12:45:46.262Open2308C:\malware.exeC:\Windows\SysWOW64\TsWpfWrp.exe
17/2/2020 - 12:45:46.262Open2308C:\malware.exeC:\Windows\SysWOW64\typeperf.exe
17/2/2020 - 12:45:46.309Open2308C:\malware.exeC:\Windows\SysWOW64\typeperf.exe
17/2/2020 - 12:45:46.309Open2308C:\malware.exeC:\Windows\SysWOW64\typeperf.exe
17/2/2020 - 12:45:46.309Open2308C:\malware.exeC:\Windows\SysWOW64\typeperf.exe
17/2/2020 - 12:45:46.309Open2308C:\malware.exeC:\Windows\SysWOW64\unlodctr.exe
17/2/2020 - 12:45:46.309Open2308C:\malware.exeC:\Windows\SysWOW64\unlodctr.exe
17/2/2020 - 12:45:46.309Open2308C:\malware.exeC:\Windows\SysWOW64\unlodctr.exe
17/2/2020 - 12:45:46.309Open2308C:\malware.exeC:\Windows\SysWOW64\unlodctr.exe
17/2/2020 - 12:45:46.309Open2308C:\malware.exeC:\Windows\SysWOW64\vssadmin.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\vssadmin.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\vssadmin.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\vssadmin.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\wecutil.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\wecutil.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\wecutil.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\wecutil.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\WerFault.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\WerFault.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\WerFault.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\WerFault.exe
17/2/2020 - 12:45:46.356Open2308C:\malware.exeC:\Windows\SysWOW64\wininit.exe
17/2/2020 - 12:45:46.403Open2308C:\malware.exeC:\Windows\SysWOW64\wininit.exe
17/2/2020 - 12:45:46.403Open2308C:\malware.exeC:\Windows\SysWOW64\wininit.exe
17/2/2020 - 12:45:46.403Open2308C:\malware.exeC:\Windows\SysWOW64\wininit.exe
17/2/2020 - 12:45:46.403Open2308C:\malware.exeC:\Windows\SysWOW64\winver.exe
17/2/2020 - 12:45:46.403Open2308C:\malware.exeC:\Windows\SysWOW64\winver.exe
17/2/2020 - 12:45:46.403Open2308C:\malware.exeC:\Windows\SysWOW64\winver.exe
17/2/2020 - 12:45:46.403Open2308C:\malware.exeC:\Windows\SysWOW64\winver.exe
17/2/2020 - 12:45:46.403Open2308C:\malware.exeC:\Windows\SysWOW64\xcopy.exe
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Windows\SysWOW64\xcopy.exe
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Windows\SysWOW64\xcopy.exe
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Windows\SysWOW64\xcopy.exe
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Windows\SysWOW64
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\$Recycle.Bin
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\$Recycle.Bin
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Monitor
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Monitor\Files
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Monitor\Files
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Monitor
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\PerfLogs
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\PerfLogs\Admin
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\PerfLogs\Admin
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\PerfLogs
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Monitor
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Monitor\Files
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Monitor\Files
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\malware.exe
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Monitor\Malware
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Monitor
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Monitor
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Monitor
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Program Files
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Program Files\Windows Defender
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Program Files\Windows Defender\MpCmdRun.exe
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Program Files\Windows Defender\MpCmdRun.exe
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Program Files\Windows Defender\MpCmdRun.exe
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Program Files\Windows Defender\MpCmdRun.exe
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Program Files\Windows Defender
17/2/2020 - 12:45:46.450Open2308C:\malware.exeC:\Program Files\Windows Photo Viewer
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Program Files\Windows Photo Viewer
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Program Files\Windows Photo Viewer
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\Program Files
17/2/2020 - 12:45:46.450Unknown2308C:\malware.exeC:\
17/2/2020 - 12:45:46.497Unknown2308C:\malware.exeC:\Windows
17/2/2020 - 12:45:46.497Unknown2308C:\malware.exeC:\Monitor

Process
Trace

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 97.60%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 90.62%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 58.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 74.85%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 83.67%
suspicious: False
