Report #6607

  • Creation Date: Feb. 18, 2020, 1:19 p.m.
  • Last Update: Feb. 18, 2020, 3:27 p.m.
  • File: HDSetup_3264432254.exe
  • Results:
Binary
DLL: False
Size: 1.45MB
trid:
  76.6% Inno Setup installer
  9.9% Win32 Executable Delphi generic
  4.5% Win32 Dynamic Link Library
  3.1% Win32 Executable
  1.4% Win16/32 Executable Delphi generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5
291ff319e39eeb8790b5dbabe2b15d90
sha1
dc6ff352325e4da64b731ba0035698625ddd1a75
crc32
0x68cc017b
sha224
273889f3b0bf82c34eb8c704ced47558a1fe54c28f54ddb3439a8736
sha256
6b20cd389c1cdb181ea330b8a9572b41df2add0227578bf530a2ba8000a40385
sha384
3828d988cf7d386423d9845c09577cfec44b21cf3625b9ac054b1c0c7150c43f85d8efdf3fc33d647e2950a522d5340b
sha512
ba1b3ef68fb8aceeb339d7c648a88911817249a34bfa3f4a4ae104f70f39bc609cad0aa4a000586a40d04d0a25ad107b46d5460067244fe6fcb70947c5fa7f6f
ssdeep
24576:I7v0V2js9Ft8TuMboSrjigPbJx5Pg3ft1M9gk2CpCZ1Q5eC6F9zS4rozygRs7Ff:IjLbTuM7rjigtx5Pg3TM952kCZ+6+2f
Community
Google: False
HashLib: False
YARA
Matches:
maldoc_getEIP_method_1, domain, IP, Borland_Delphi_30_, CRC32_poly_Constant, escalate_priv, borland_delphi, Microsoft_Visual_Cpp_v50v60_MFC, win_files_operation, IsPE32, disable_dep, Borland_Delphi_v40_v50, win_token, contentis_base64, Borland_Delphi_40_additional, IsPacked, Borland_Delphi_40, IsWindowsGUI, Delphi_Copy, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, win_registry, HasOverlay, Borland_Delphi_30_additional, Borland_Delphi_v30

Suspicious: True

Strings
List
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
comctl32.dll
2.0.5.1
name="Microsoft.Windows.Common-Controls"
lzmadecompsmall: Compressed data is corrupted (%d)
Division by zero
Pudibeca
August September
Compressed block is corrupted
Too many open files
lzmadecompsmall: %s
I/O error %d
Control Panel\Desktop\ResourceLocale
'%s' is not a valid time
'%s' is not a valid date and time
File I/O error %d
'%s' is not a valid date
This installation was built with Inno Setup.
.DEFAULT\Control Panel\International
SeShutdownPrivilege
<requestedPrivileges>
publicKeyToken="6595b64144ccf1df"
ECompressError
ECompressDataError
ECompressInternalError
TCustomDecompressor
No argument for format '%s'
Application Error
Format '%s' invalid or incompatible with argument
GetProcAddress
EPrivilege
Invalid class typecast
Access violation at address %p. %s of address %p
ExitProcess
SetProcessDEPPolicy
'%s' is not a valid integer value
'%s' is not a valid floating point value
Operation aborted
Exception %s in module %s at %p.
Write
Format result longer than 4096 characters
CreateProcessA
OpenProcessToken
This program must be run under Win32
VirtualAlloc
NewInstance
VirtualProtect
LzmaDecode failed (%d)
SetFilePointer
WriteFile
RegOpenKeyExA
RegQueryValueExA
CreateFileA
CreateDirectoryA
GetModuleFileNameA
DeleteFileA

Foremost
Matches: 0.exe, 53 KB
Suspicious: True
Heuristics
IPs
hasIPs: True
Allowed: 2.0.5.1, 1, anantes-651-1-54-1.w2-0.abo.wanadoo.fr.
Suspicious
hasAllowed: True
hasSuspicious: False

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Files
Allowed: user32.dll, comctl32.dll, advapi32.dll, oleaut32.dll, kernel32.dll, shell32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code size: 17920 (Suspicious: False)
Image address: 4194304 (Suspicious: False)
Stack: 16384 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 0
Suspicious: True

Sections
Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS version: 1 (Suspicious: False)
Image version: 1 (Suspicious: False)
Linker version: 2.25 (Suspicious: False)
Subsystem version: 4.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 40000
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, comctl32.dll, advapi32.dll, oleaut32.dll, kernel32.dll, shell32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: True
Valid: True
Value: 1992-06-19 19:22:17
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
none: 4

pushpopmath
none: 13
.rsrc: 2

garbagebytes
none: 4

hookdetection
none: 2

programcontrolflowchange
none: 4

cpuinstructionsresultscomparison
none: 1
.rsrc: 3

AVclass
installcore: 1
VirusTotal
md5
291ff319e39eeb8790b5dbabe2b15d90
sha1
dc6ff352325e4da64b731ba0035698625ddd1a75
SCANS (DETECTION RATE = 45.07%)
Engine | Version | Update | Detected | Result
AVG | 18.4.3895.0 | 20190129 | no | -
CMC | 1.1.0.977 | 20190129 | no | -
MAX | 2018.9.12.1 | 20190130 | yes | malware (ai score=71)
Bkav | 1.3.0.9899 | 20190129 | no | -
K7GW | 11.25.29825 | 20190129 | yes | Adware ( 005104a81 )
ALYac | 1.1.1.5 | 20190129 | no | -
Avast | 18.4.3895.0 | 20190129 | no | -
Avira | 8.3.3.8 | 20190129 | no | -
Baidu | 1.0.0.2 | 20190129 | no | -
Cyren | 6.2.0.1 | 20190129 | no | -
DrWeb | 7.0.34.11020 | 20190129 | no | -
GData | A:25.20394B:25.14260 | 20190129 | yes | Win32.Application.InstallCore.LR@gen
Panda | 4.6.4.2 | 20190129 | yes | PUP/Generic
VBA32 | 3.35.1 | 20190129 | no | -
VIPRE | 72710 | 20190129 | yes | Adware.InstallCore
Zoner | 1.0 | 20190128 | no | -
ClamAV | 0.101.1.0 | 20190129 | yes | Win.Trojan.Agent-6399978-0
Comodo | 30350 | 20190129 | yes | ApplicUnwnt@#36exdy2b88hnn
F-Prot | 4.7.1.166 | 20190129 | no | -
Ikarus | 0.1.5.2 | 20190129 | no | -
McAfee | 6.0.6.653 | 20190129 | no | -
Rising | 25.0.0.24 | 20190129 | yes | PUF.InstallCore!1.AB2C (CLASSIC)
Sophos | 4.98.0 | 20190129 | yes | QPDownload Download Manager (PUA)
Yandex | 5.5.1.3 | 20190129 | no | -
Zillya | 2.0.0.3741 | 20190129 | no | -
Acronis | 1.0.1.40 | 20190128 | no | -
Alibaba | 0.1.0.2 | 20180921 | no | -
Arcabit | 1.0.0.837 | 20190129 | yes | Application.DealAgent.ADPX
Babable | 9107201 | 20180918 | no | -
Cylance | 2.3.1.101 | 20190130 | no | -
Endgame | 3.0.2 | 20181108 | yes | malicious (high confidence)
TACHYON | 2019-01-29.02 | 20190129 | no | -
Tencent | 1.0.0.1 | 20190130 | no | -
ViRobot | 2014.3.20.0 | 20190129 | no | -
Webroot | 1.0.0.403 | 20190130 | yes | W32.Adware.Gen
eGambit | v4.3.5 | 20190130 | no | -
Ad-Aware | 3.0.5.370 | 20190129 | yes | Application.DealAgent.ADPX
AegisLab | 4.2 | 20190129 | no | -
Emsisoft | 2018.4.0.1029 | 20190129 | yes | Application.DealAgent.ADPX (B)
F-Secure | 12.0.86.52 | 20190129 | yes | Application.DealAgent.ADPX
Fortinet | 5.4.247.0 | 20190129 | yes | W32/Generic_PUA_NM.A
Invincea | 6.3.6.26157 | 20181128 | yes | heuristic
Jiangmin | 16.0.100 | 20190129 | no | -
Kingsoft | 2013.8.14.323 | 20190130 | no | -
Paloalto | 1.0 | 20190130 | no | -
Symantec | 1.8.0.0 | 20190129 | yes | PUA.InstallCore
Trapmine | 3.1.40.719 | 20190123 | no | -
AhnLab-V3 | 3.14.1.22785 | 20190129 | yes | PUP/Win32.InstallCore.R239359
Antiy-AVL | 3.0.0.1 | 20190129 | no | -
Kaspersky | 15.0.1.13 | 20190130 | yes | not-a-virus:AdWare.Win32.DealPly.dwkqc
Microsoft | 1.1.15600.4 | 20190129 | no | -
Qihoo-360 | 1.0.0.1120 | 20190130 | yes | Win32/Application.a19
TheHacker | 6.8.0.5.3988 | 20190129 | no | -
Trustlook | 1.0 | 20190130 | no | -
ZoneAlarm | 1.0 | 20190129 | yes | not-a-virus:AdWare.Win32.DealPly.dwkqc
Cybereason | 1.2.27 | 20190109 | yes | malicious.9e39ee
ESET-NOD32 | 18789 | 20190130 | yes | Win32/InstallCore.Gen.A potentially unwanted
TrendMicro | 10.0.0.1040 | 20190129 | yes | TROJ_GEN.R004C0OJE18
BitDefender | 7.2 | 20190129 | yes | Application.DealAgent.ADPX
CrowdStrike | 1.0 | 20181023 | no | -
K7AntiVirus | 11.25.29825 | 20190129 | yes | Adware ( 005104a81 )
SentinelOne | 1.0.21.269 | 20190124 | yes | static engine - malicious
Avast-Mobile | 190129-00 | 20190129 | no | -
Malwarebytes | 2.1.1.1115 | 20190129 | yes | PUP.Optional.InstallCore
TotalDefense | 37.1.62.1 | 20190129 | no | -
CAT-QuickHeal | 14.00 | 20190129 | no | -
NANO-Antivirus | 1.0.134.24576 | 20190129 | yes | Virus.Win32.Gen-Crypt.ccnc
MicroWorld-eScan | 14.0.297.0 | 20190130 | yes | Application.DealAgent.ADPX
SUPERAntiSpyware | 5.6.0.1032 | 20190123 | no | -
McAfee-GW-Edition | v2017.3010 | 20190129 | no | -
TrendMicro-HouseCall | 10.0.0.1040 | 20190129 | yes | TROJ_GEN.R004C0OJE18

total: 71
sha256: 6b20cd389c1cdb181ea330b8a9572b41df2add0227578bf530a2ba8000a40385
scan_id: 6b20cd389c1cdb181ea330b8a9572b41df2add0227578bf530a2ba8000a40385-1548805460
resource: 291ff319e39eeb8790b5dbabe2b15d90
positives: 32
scan_date: 2019-01-29 23:44:20
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Timestamp | Operation | PID | Process | Path
18/2/2020 - 14:45:44.90 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp
18/2/2020 - 14:45:44.90 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp
18/2/2020 - 14:45:44.90 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp
18/2/2020 - 14:45:44.90 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp
18/2/2020 - 14:45:44.90 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.90 | Read | 1480 | C:\malware.exe | C:\malware.exe
18/2/2020 - 14:45:44.106 | Read | 1480 | C:\malware.exe | C:\malware.exe
18/2/2020 - 14:45:44.200 | Read | 1480 | C:\malware.exe | C:\malware.exe
18/2/2020 - 14:45:44.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.215 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.215 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
18/2/2020 - 14:45:44.215 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
18/2/2020 - 14:45:44.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
18/2/2020 - 14:45:44.278 | Open | 1480 | C:\malware.exe | C:\dwmapi.dll
18/2/2020 - 14:45:44.278 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
18/2/2020 - 14:45:44.278 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.278 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.278 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.278 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp
18/2/2020 - 14:45:44.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\
18/2/2020 - 14:45:44.325 | Unknown | 1480 | C:\malware.exe | C:\
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Users
18/2/2020 - 14:45:44.325 | Unknown | 1480 | C:\malware.exe | C:\Users
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
18/2/2020 - 14:45:44.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
18/2/2020 - 14:45:44.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
18/2/2020 - 14:45:44.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp
18/2/2020 - 14:45:44.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp
18/2/2020 - 14:45:44.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp
18/2/2020 - 14:45:44.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp
18/2/2020 - 14:45:44.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.325 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp
18/2/2020 - 14:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\Prefetch\MALWARE.TMP-673BB03D.pf
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\System32\wow64.dll
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\System32\wow64win.dll
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\System32\wow64cpu.dll
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\System32\wow64log.dll
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows
18/2/2020 - 14:45:44.387 | Unknown | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Monitor
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\sechost.dll
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\mpr.dll
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\mpr.dll
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\version.dll
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\version.dll
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp.Local
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:44.387 | Unknown | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\imm32.dll
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\WindowsShell.Manifest
18/2/2020 - 14:45:44.387 | Unknown | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\WindowsShell.Manifest
18/2/2020 - 14:45:44.387 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\uxtheme.dll
18/2/2020 - 14:45:44.403 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\uxtheme.dll
18/2/2020 - 14:45:44.450 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\dwmapi.dll
18/2/2020 - 14:45:44.450 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\dwmapi.dll
18/2/2020 - 14:45:44.450 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\Fonts\StaticCache.dat
18/2/2020 - 14:45:44.450 | Read | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\Fonts\StaticCache.dat
18/2/2020 - 14:45:44.450 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\ole32.dll
18/2/2020 - 14:45:44.450 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\rpcss.dll
18/2/2020 - 14:45:44.450 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\Globalization\Sorting\SortDefault.nls
18/2/2020 - 14:45:44.450 | Unknown | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\Globalization\Sorting\SortDefault.nls
18/2/2020 - 14:45:44.450 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
18/2/2020 - 14:45:44.450 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\syswow64\pt\KERNELBASE.dll.mui
18/2/2020 - 14:45:44.450 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
18/2/2020 - 14:45:44.450 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\en\KERNELBASE.dll.mui
18/2/2020 - 14:45:44.450 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\netmsg.dll
18/2/2020 - 14:45:44.465 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Windows\SysWOW64\netmsg.dll
18/2/2020 - 14:45:44.465 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\malware.exe
18/2/2020 - 14:45:44.465 | Read | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\malware.exe
18/2/2020 - 14:45:44.465 | Unknown | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\malware.exe
18/2/2020 - 14:45:44.465 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp
18/2/2020 - 14:45:44.465 | Unknown | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp
18/2/2020 - 14:45:44.465 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp
18/2/2020 - 14:45:44.465 | Unknown | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp
18/2/2020 - 14:45:44.465 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup
18/2/2020 - 14:45:44.465 | Unknown | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup
18/2/2020 - 14:45:44.465 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_setup64.tmp
18/2/2020 - 14:45:44.465 | Write | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_setup64.tmp
18/2/2020 - 14:45:44.465 | Unknown | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_setup64.tmp
18/2/2020 - 14:45:44.465 | Open | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | C:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Write1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Write1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-HOMVJ.tmp\_isetup\_shfoldr.dll
18/2/2020 - 14:45:44.465Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\shfolder.dll
18/2/2020 - 14:45:44.465Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shfolder.dll
18/2/2020 - 14:45:44.465Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shfolder.dll
18/2/2020 - 14:45:44.481Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\shfolder.dll
18/2/2020 - 14:45:44.481Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shfolder.dll
18/2/2020 - 14:45:44.481Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shfolder.dll
18/2/2020 - 14:45:44.481Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\shfolder.dll
18/2/2020 - 14:45:44.481Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shfolder.dll
18/2/2020 - 14:45:44.481Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shfolder.dll
18/2/2020 - 14:45:44.481Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\Rstrtmgr.dll
18/2/2020 - 14:45:44.481Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\RstrtMgr.dll
18/2/2020 - 14:45:44.481Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\RstrtMgr.dll
18/2/2020 - 14:45:44.622Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\ncrypt.dll
18/2/2020 - 14:45:44.622Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\ncrypt.dll
18/2/2020 - 14:45:44.622Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\ncrypt.dll
18/2/2020 - 14:45:44.622Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\bcrypt.dll
18/2/2020 - 14:45:44.622Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\bcrypt.dll
18/2/2020 - 14:45:44.622Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\bcrypt.dll
18/2/2020 - 14:45:44.762Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\bcryptprimitives.dll
18/2/2020 - 14:45:44.762Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
18/2/2020 - 14:45:44.762Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\bcryptprimitives.dll
18/2/2020 - 14:45:44.762Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
18/2/2020 - 14:45:44.762Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp
18/2/2020 - 14:45:44.762Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp
18/2/2020 - 14:45:44.762Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\uxtheme.dll.Config
18/2/2020 - 14:45:44.762Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\uxtheme.dll
18/2/2020 - 14:45:44.762Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp.Local
18/2/2020 - 14:45:44.762Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:44.762Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:44.762Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:44.762Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:44.762Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\Fonts\sserife.fon
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp.Local
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:44.778Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\imageres.dll
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\imageres.dll
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\imageres.dll
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\imageres.dll
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\System32\pt-BR\imageres.dll.mui
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\pt\imageres.dll.mui
18/2/2020 - 14:45:44.778Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\en-US\imageres.dll.mui
18/2/2020 - 14:45:44.778Read1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
18/2/2020 - 14:45:44.825Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:45:44.825Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:45:44.825Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:45:44.825Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:45:44.918Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\Fonts\verdanab.ttf
18/2/2020 - 14:45:44.965Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\Fonts\verdanab.ttf
18/2/2020 - 14:45:45.59Read1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\Fonts\StaticCache.datStaticCache.dat
18/2/2020 - 14:45:45.106Read1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\Fonts\StaticCache.datStaticCache.dat
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shlwapi.dll
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shlwapi.dll
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp.Local
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:45.200Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 14:45:45.200Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
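The file trace above is the Windows loader's DLL search order made visible: for netmsg.dll, shfolder.dll, Rstrtmgr.dll, ncrypt.dll and bcrypt.dll the installer first opens the file in its own directory (the user-writable Temp\is-P6Q9D.tmp it was extracted to) and only then in SysWOW64. Each probe that lands in a writable directory is the surface a DLL search-order hijack would use; the trace shows the probes falling through to the system copy, not a planted DLL, so it records exposure, not exploitation. The following Python, added here as an example and not part of the sandbox or of the sample, parses rows in the fused layout the report exports (timestamp, operation, PID, process path and target path run together) and lists the DLLs that were probed outside the system directory before the system copy was opened. The sample rows are constructed from the trace above; the row regex and the rule for undoing the duplicated trailing file name are assumptions about the export format.

```python
"""Parse sandbox file-trace rows and flag DLL probes outside the system directory.

Added example; the row layout (timestamp, operation, PID, process path and
target path run together) is an assumption about the sandbox export."""
import re
from typing import List, NamedTuple, Optional


class Event(NamedTuple):
    time: str
    op: str
    pid: int
    process: str
    target: str
    name: Optional[str]   # trailing file-name field, present on some rows


# Constructed sample: rows taken from the trace, in the export's fused layout.
SAMPLE_ROWS = r"""
18/2/2020 - 14:45:44.450Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
18/2/2020 - 14:45:44.450Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\netmsg.dll
18/2/2020 - 14:45:44.465Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\netmsg.dll
18/2/2020 - 14:45:44.465Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\shfolder.dll
18/2/2020 - 14:45:44.465Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\shfolder.dll
18/2/2020 - 14:45:44.481Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\Rstrtmgr.dll
18/2/2020 - 14:45:44.481Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\RstrtMgr.dll
18/2/2020 - 14:45:44.762Open1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\bcryptprimitives.dll
18/2/2020 - 14:45:44.762Unknown1820C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmpC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
"""

# Process path and target path are both absolute, so the shortest process
# path that is followed by another "<drive>:\" is the only way to cut the row.
ROW_RE = re.compile(
    r"^(?P<time>\d{1,2}/\d{1,2}/\d{4} - \d{2}:\d{2}:\d{2}\.\d+)"
    r"(?P<op>Unknown|Open|Read|Write|Create|Delete)"
    r"(?P<pid>\d+)"
    r"(?P<process>[A-Za-z]:\\.*?)"
    r"(?P<target>[A-Za-z]:\\.*)$"
)

SYSTEM_DIRS = ("\\windows\\syswow64\\", "\\windows\\system32\\")


def split_trailing_name(target: str):
    """Some rows repeat the file name after the path (for example
    SortDefault.nlsSortDefault.nls); return (path, name) with that undone."""
    head, sep, last = target.rpartition("\\")
    half = len(last) // 2
    if half and len(last) % 2 == 0 and last[:half] == last[half:]:
        return head + sep + last[:half], last[:half]
    return target, None


def parse_rows(text: str) -> List[Event]:
    events = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line)
        if not m:
            raise ValueError("unrecognised trace row: " + line)
        target, name = split_trailing_name(m["target"])
        events.append(Event(m["time"], m["op"], int(m["pid"]),
                            m["process"], target, name))
    return events


def dlls_probed_outside_system_dir(events: List[Event]) -> List[str]:
    """DLLs whose first Open was outside System32/SysWOW64 and which were
    later opened from the system directory: the loader probed a writable
    directory first and fell through, which is where a search-order hijack
    would sit if a file of that name had been planted."""
    first_probe_in_system = {}
    opened_in_system = set()
    for ev in events:
        low = ev.target.lower()
        if ev.op != "Open" or not low.endswith(".dll"):
            continue
        name = low.rsplit("\\", 1)[-1]
        in_system = any(d in low for d in SYSTEM_DIRS)
        first_probe_in_system.setdefault(name, in_system)
        if in_system:
            opened_in_system.add(name)
    return sorted(n for n, sys_first in first_probe_in_system.items()
                  if not sys_first and n in opened_in_system)


EVENTS = parse_rows(SAMPLE_ROWS)

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev.time, ev.op, ev.target, ev.name or "")
    print("probed outside system dir first:", dlls_probed_outside_system_dir(EVENTS))
```

On the sample rows the check reports netmsg.dll, rstrtmgr.dll and shfolder.dll, matching what can be read off the trace by hand. Run it over the full export and the same rule also picks up ncrypt.dll and bcrypt.dll; bcryptprimitives.dll and uxtheme.dll are only ever opened from SysWOW64 and are not reported.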

Process Trace
Time | Op | Parent PID | Parent | Child PID | Child
18/2/2020 - 14:45:44.325 | Create | 1480 | C:\malware.exe | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace
Time | Op | PID | Process | Key | Value
18/2/2020 - 14:45:44.762 | Write | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | HKCU\Software\Microsoft\RestartManager\Session0000 | Owner
18/2/2020 - 14:45:44.762 | Write | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | HKCU\Software\Microsoft\RestartManager\Session0000 | SessionHash
18/2/2020 - 14:45:44.762 | Write | 1820 | C:\Users\Behemot\AppData\Local\Temp\is-P6Q9D.tmp\malware.tmp | HKCU\Software\Microsoft\RestartManager\Session0000 | Sequence
These three values are Restart Manager session bookkeeping written through RstrtMgr.dll, which the file trace shows being loaded at 14:45:44.481; they are not a persistence location.

File Summary
Created: True
Deleted: False

Process Summary
Created: True
Deleted: False

Registry Summary
Proxy: False
AutoRun: False
Created: True
Deleted: False
Browsers: False
Internet: False


DNS Query: none recorded
DNS Response: none recorded
TCP Info: none recorded
UDP Info: none recorded
HTTP Info: none recorded

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious: True
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: False
SVC (Kernel=Linear, NFS-BRMalware): confidence 99.57%, suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 56.73%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 69.00%, suspicious: False
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 59.76%, suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 100.00%, suspicious: True
